Abstract

Cryptographic protocols with single blind copying were defined and modeled by Comon and Cortier using the new class $\mathcal{C}$ of first order clauses. They showed its satisfiability problem to be in 3-DEXPTIME. We improve this result by showing that satisfiability for this class is NEXPTIME-complete, using new resolution techniques. We show satisfiability to be DEXPTIME-complete if clauses are Horn, which is what is required for modeling cryptographic protocols. While translation to Horn clauses only gives a DEXPTIME upper bound for the secrecy problem for these protocols, we further show that this secrecy problem is actually DEXPTIME-complete.

1 Introduction 

Several researchers have pursued modeling of cryptographic protocols using first order clauses [1, 15, 17] and related formalisms like tree automata and set constraints [5, 12, 13]. While protocol insecurity is NP-complete in case of a bounded number of sessions [16], this is helpful only for detecting some attacks. For certifying protocols, the number of sessions cannot be bounded, although we may use other safe abstractions. The approach using first order clauses is particularly useful for this class of problems. A common safe abstraction is to allow a bounded number of nonces, i.e. random numbers, to be used in infinitely many sessions. Security however still remains undecidable [3]. Hence further restrictions are necessary to obtain decidability.

In this direction, Comon and Cortier [6, 8] proposed the notion of protocols with single blind copying. Intuitively this restriction means that agents are allowed to copy at most one piece of data blindly in any protocol step, a restriction satisfied by most protocols in the literature. Comon and Cortier modeled the secrecy problem for these protocols using the new class $\mathcal{C}$ of first order clauses, and showed satisfiability for $\mathcal{C}$ to be decidable in 3-DEXPTIME [8]. The NEXPTIME lower bound is easy. We show in this paper that satisfiability of this class is in NEXPTIME, thus NEXPTIME-complete. If clauses are restricted to be Horn, which suffices for modeling of cryptographic protocols, we show that satisfiability is DEXPTIME-complete (again the lower bound is easy). While translation to clauses only gives a DEXPTIME upper bound for the secrecy problem for this class of protocols, we further show that the secrecy problem for these protocols is also DEXPTIME-complete.

For proving our upper bounds, we introduce several variants of standard ordered resolution with selection and splitting [2]. Notably we consider resolution as consisting of instantiation of clauses, and of generation of propositional implications. This is in the style of Ganzinger and Korovin [10], but we adopt a slightly different approach, and generate interesting implications to obtain optimal complexity. More precisely, while the approach of [10] emphasizes a single phase of instantiation followed by propositional satisfiability checking, we interleave generation of interesting instantiations and propositional implications in an appropriate manner to obtain optimal complexity. We further show how this technique can be employed also in presence of rules for replacement of literals in clauses, which obey some ordering constraints. To deal with the notion of single blind copying we show how terms containing a single variable can be decomposed into simple terms whose unifiers are of very simple forms. As byproducts, we obtain optimal complexity for several subclasses of $\mathcal{C}$, involving so called flat and one-variable clauses.

Outline: We start in Section 2 by recalling basic notions about first order logic and resolution refinements. In Section 3 we introduce cryptographic protocols with single blind copying, discuss their modeling using the class $\mathcal{C}$ of first order clauses, and show that their secrecy problem is DEXPTIME-hard. To decide the class $\mathcal{C}$ we gradually introduce our techniques by obtaining DEXPTIME-completeness and NEXPTIME-completeness for one-variable clauses and flat clauses in Sections 4 and 5 respectively. In Section 6 the techniques from the two cases are combined with further ideas to show that satisfiability for $\mathcal{C}$ is NEXPTIME-complete. In Section 7 we adapt this proof to show that satisfiability for the Horn fragment of $\mathcal{C}$ is DEXPTIME-complete.

2 Resolution 

We recall standard notions from first order logic. Fix a signature $\Sigma$ of function symbols each with a given arity, and containing at least one zero-ary symbol. Let $r$ be the maximal arity of function symbols in $\Sigma$. Fix a set $X = \{\mathbf{x}_1, \mathbf{x}_2, \mathbf{x}_3, \ldots\}$ of variables. Note that $\mathbf{x}_1, \mathbf{x}_2, \ldots$ (in bold face) are the actual elements of $X$, whereas $x, y, z, x_1, y_1, \ldots$ are used to represent arbitrary elements of $X$. The set $T_\Sigma(X)$ of terms built from $\Sigma$ and $X$ is defined as usual. $T_\Sigma$ is the set of ground terms, i.e. those not containing any variables. Atoms $A$ are of the form $P(t_1, \ldots, t_n)$ where $P$ is an $n$-ary predicate and the $t_i$ are terms. Literals $L$ are either positive literals $+A$ (or simply $A$) or negative literals $-A$, where $A$ is an atom. $-(-A)$ is another notation for $A$. $\pm$ denotes $+$ or $-$ and $\mp$ denotes the opposite sign (and similarly for notations $\pm', \mp', \ldots$). A clause is a finite set of literals. A negative clause is one which contains only negative literals. If $M$ is any term, literal or clause then the set $\mathrm{fv}(M)$ of variables occurring in it is defined as usual. If $C_1$ and $C_2$ are clauses then $C_1 \vee C_2$ denotes $C_1 \cup C_2$. $C \vee \{L\}$ is written as $C \vee L$ (in this notation, we allow the possibility of $L \in C$). If $C_1, \ldots, C_n$ are clauses such that $\mathrm{fv}(C_i) \cap \mathrm{fv}(C_j) = \emptyset$ for $i \neq j$, and if $C_i$ is non-empty for $i \geq 2$, then the clause $C_1 \vee \ldots \vee C_n$ is also written as $C_1 \sqcup \ldots \sqcup C_n$ to emphasize this property. Ground literals and clauses are ones not containing variables. A term, literal or clause is trivial if it contains no function symbols. A substitution is a function $\sigma : X \to T_\Sigma(X)$. Ground substitutions map every variable to a ground term. We write $\sigma = \{x_1 \mapsto t_1, \ldots, x_n \mapsto t_n\}$ to say that $x_i\sigma = t_i$ for $1 \leq i \leq n$ and $x\sigma = x$ for $x \notin \{x_1, \ldots, x_n\}$. If $M$ is a term, literal, clause, substitution or set of such objects, then the effect $M\sigma$ of applying $\sigma$ to $M$ is defined as usual. Renamings are bijections $\sigma : X \to X$. If $M$ is a term, literal, clause or substitution, then a renaming of $M$ is of the form $M\sigma$ for some renaming $\sigma$, and an instance of $M$ is of the form $M\sigma$ for some substitution $\sigma$. If $M$ and $N$ are terms or literals then a unifier of $M$ and $N$ is a substitution $\sigma$ such that $M\sigma = N\sigma$. If such a unifier exists then there is also a most general unifier (mgu), i.e. a unifier $\sigma$ such that for every unifier $\sigma'$ of $M$ and $N$, there is some $\sigma''$ such that $\sigma' = \sigma\sigma''$. Most general unifiers are unique up to renaming: if $\sigma_1$ and $\sigma_2$ are two mgus of $M$ and $N$ then $\sigma_1$ is a renaming of $\sigma_2$. Hence we may use the notation $\mathrm{mgu}(M, N)$ to denote one of them. We write $M[x_1, \ldots, x_n]$ to say that $\mathrm{fv}(M) \subseteq \{x_1, \ldots, x_n\}$. If $t_1, \ldots, t_n$ are terms then $M[t_1, \ldots, t_n]$ denotes $M\{x_1 \mapsto t_1, \ldots, x_n \mapsto t_n\}$. If $N$ is a set of terms then $M[N] = \{M[t_1, \ldots, t_n] \mid t_1, \ldots, t_n \in N\}$. If $M$ is a set of terms, atoms, literals or clauses then $M[N] = \bigcup_{m \in M} m[N]$. A Herbrand interpretation $\mathcal{H}$ is a set of ground atoms. A clause $C$ is satisfied in $\mathcal{H}$ if for every ground substitution $\sigma$, either $A \in \mathcal{H}$ for some $A \in C\sigma$, or $A \notin \mathcal{H}$ for some $-A \in C\sigma$. A set $S$ of clauses is satisfied in $\mathcal{H}$ if every clause of $S$ is satisfied in $\mathcal{H}$. If such an $\mathcal{H}$ exists then $S$ is satisfiable, and $\mathcal{H}$ is a Herbrand model of $S$. A Horn clause is one containing at most one positive literal. If a set of Horn clauses is satisfiable then it has a least Herbrand model w.r.t. the subset ordering.

Resolution and its refinements are well known methods for testing satisfiability of clauses. Given a strict partial order $<$ on atoms, a literal $\pm A$ is maximal in a clause $C$ if there is no literal $\pm' B \in C$ with $A < B$. Binary ordered resolution and ordered factorization w.r.t. ordering $<$ are defined by the following two rules respectively:

$$\frac{C_1 \vee A \qquad -B \vee C_2}{C_1\sigma \vee C_2\sigma} \qquad\qquad \frac{C_1 \vee \pm A \vee \pm B}{C_1\sigma \vee \pm A\sigma}$$

where $\sigma = \mathrm{mgu}(A, B)$ in both rules, $A$ and $B$ are maximal in the left and right premises respectively of the first rule, and $A$ and $B$ are both maximal in the premise of the second rule. We rename the premises of the first rule before resolution so that they don't share variables. The ordering $<$ is stable if: whenever $A_1 < A_2$ then $A_1\sigma < A_2\sigma$ for all substitutions $\sigma$. We write $S \Rightarrow_< S \cup \{C\}$ to say that $C$ is obtained by one application of the binary ordered resolution or binary factorization rule on clauses in $S$ (the subscript denotes the ordering used).

Another resolution rule is splitting. This can be described using tableaux. A tableau is of the form $S_1 \mid \ldots \mid S_n$, where $n \geq 0$ and each $S_i$, called a branch of the tableau, is a set of clauses (the $\mid$ operator is associative and commutative). A tableau is satisfiable if at least one of its branches is satisfiable. The tableau is called closed if each $S_i$ contains the empty clause, denoted $\Box$. The splitting step on tableaux is defined by the rule

$$\mathcal{T} \mid S \to_{spl} \mathcal{T} \mid (S \setminus \{C_1 \sqcup C_2\}) \cup \{C_1\} \mid (S \setminus \{C_1 \sqcup C_2\}) \cup \{C_2\}$$

whenever $C_1 \sqcup C_2 \in S$ and $C_1$ and $C_2$ are non-empty. $C_1$ and $C_2$ are called components of the clause $C_1 \sqcup C_2$ being split. It is well known that splitting preserves satisfiability of tableaux. We may choose to apply splitting eagerly, or lazily, or in some other fashion. Hence we define a splitting strategy to be a function $\phi$ such that $\mathcal{T} \to^*_{spl} \phi(\mathcal{T})$ for all tableaux $\mathcal{T}$. The relation $\Rightarrow_<$ is extended to tableaux as expected. Ordered resolution with splitting strategy is then defined by the rule

$$\mathcal{T}_1 \Rightarrow_{<,\phi} \phi(\mathcal{T}_2) \quad \text{whenever } \mathcal{T}_1 \Rightarrow_< \mathcal{T}_2$$

This provides us with a well known sound and complete method for testing satisfiability. For any binary relation $R$, $R^*$ denotes the reflexive transitive closure of $R$, and $R^+$ denotes the transitive closure of $R$.

Lemma 1 For any set $S$ of clauses, for any stable ordering $<$, and for any splitting strategy $\phi$, $S$ is unsatisfiable iff $S \Rightarrow^*_{<,\phi} \mathcal{T}$ for some closed $\mathcal{T}$.

If all predicates are zero-ary then the resulting clauses are propositional clauses. In this case we write $S \models_p T$ to say that every Herbrand model of $S$ is a Herbrand model of $T$. This notation will also be used when $S$ and $T$ are sets of first order clauses, by treating every (ground or non-ground) atom as a zero-ary predicate. For example $\{P(a), -P(a)\} \models_p \Box$ but $\{P(x), -P(a)\} \not\models_p \Box$. $S \models_p \{C\}$ is also written as $S \models_p C$. If $S \models_p C$ then clearly $S\sigma \models_p C\sigma$ for all substitutions $\sigma$.

3 Cryptographic Protocols 

We assume that $\Sigma$ contains the binary functions $\{\_\}_{\_}$ and $\langle \_, \_ \rangle$ denoting encryption and pairing. Messages are terms of $T_\Sigma(X)$. A state is of the form $S(M_1, \ldots, M_n)$ where $S$ with arity $n$ is from a finite set of control points and the $M_i$ are messages. It denotes an agent at control point $S$ with messages $M_i$ in its memory. An initialization state is a state not containing variables. We assume some strict partial order $<$ on the set of control points. A protocol rule is of the form

$$S_1(M_1, \ldots, M_m) : \mathrm{recv}(M) \to S_2(N_1, \ldots, N_n) : \mathrm{send}(N)$$

where $S_1 < S_2$, the $M_i$, $N_j$ are messages, and $M$ and $N$ are each either a message, or a dummy symbol $?$ indicating nothing is received (resp. sent). For secrecy analysis we can replace $?$ by some public message, i.e. one which is known to everyone including the adversary. The rule says that an agent in state $S_1(M_1, \ldots, M_m)$ can receive message $M$, send a message $N$, and then move to state $S_2(N_1, \ldots, N_n)$, thus also modifying the messages in its memory. A protocol is a finite set of initialization states and protocol rules. This model is in the style of [9] and [3]. The assumption of single blind copying then says that each protocol rule contains at most one variable (which may occur anywhere any number of times in that rule). For example, the public-key Needham-Schroeder protocol

$A \to B : \{\langle A, N_A \rangle\}_{K_B}$
$B \to A : \{\langle N_A, N_B \rangle\}_{K_A}$
$A \to B : \{N_B\}_{K_B}$

is written in our notation as follows. For every pair of agents $A$ and $B$ in our system (finitely many of them suffice for finding all attacks against secrecy [6]) we have two nonces $N^1_{AB}$ and $N^2_{AB}$ to be used in sessions where $A$ plays the initiator's role and $B$ plays the responder's role. We have initialization states $\mathrm{Init}_0(A, N^1_{AB})$ and $\mathrm{Resp}_0(B, N^2_{AB})$ for all agents $A$ and $B$. Corresponding to the three lines in the protocol we have rules for all agents $A$ and $B$:

$\mathrm{Init}_0(A, N^1_{AB}) : \mathrm{recv}(?) \to \mathrm{Init}_1(A, N^1_{AB}) : \mathrm{send}(\{\langle A, N^1_{AB} \rangle\}_{K_B})$
$\mathrm{Resp}_0(B, N^2_{AB}) : \mathrm{recv}(\{\langle A, x \rangle\}_{K_B}) \to \mathrm{Resp}_1(B, x, N^2_{AB}) : \mathrm{send}(\{\langle x, N^2_{AB} \rangle\}_{K_A})$
$\mathrm{Init}_1(A, N^1_{AB}) : \mathrm{recv}(\{\langle N^1_{AB}, x \rangle\}_{K_A}) \to \mathrm{Init}_2(A, N^1_{AB}, x) : \mathrm{send}(\{x\}_{K_B})$
$\mathrm{Resp}_1(B, x, N^2_{AB}) : \mathrm{recv}(\{N^2_{AB}\}_{K_B}) \to \mathrm{Resp}_2(B, x, N^2_{AB}) : \mathrm{send}(?)$

Any initialization state can be created any number of times and any protocol rule can be executed any number of times. The adversary has full control over the network: all messages received by agents are actually sent by the adversary and all messages sent by agents are actually received by the adversary. The adversary can obtain new messages from messages he knows, e.g. by performing encryption and decryption. To model this using Horn clauses, we create a unary predicate $\mathrm{reach}$ to model reachable states, and a unary predicate $\mathrm{known}$ to model messages known to the adversary. The initialization state $S(M_1, \ldots, M_n)$ is then modeled by the clause $\mathrm{reach}(S(M_1, \ldots, M_n))$, where $S$ is a new function symbol we create. The protocol rule

$$S_1(M_1, \ldots, M_m) : \mathrm{recv}(M) \to S_2(N_1, \ldots, N_n) : \mathrm{send}(N)$$

is modeled by the clauses

$\mathrm{known}(N) \vee -\mathrm{reach}(S_1(M_1, \ldots, M_m)) \vee -\mathrm{known}(M)$
$\mathrm{reach}(S_2(N_1, \ldots, N_n)) \vee -\mathrm{reach}(S_1(M_1, \ldots, M_m)) \vee -\mathrm{known}(M)$

Under the assumption of single blind copying it is clear that all these clauses are one-variable clauses, i.e. clauses containing at most one variable. We need further clauses to express adversary capabilities. The clauses

$\mathrm{known}(\{x_1\}_{x_2}) \vee -\mathrm{known}(x_1) \vee -\mathrm{known}(x_2)$
$\mathrm{known}(x_1) \vee -\mathrm{known}(\{x_1\}_{x_2}) \vee -\mathrm{known}(x_2)$

express the encryption and decryption abilities of the adversary. We have similar clauses for his pairing and unpairing abilities, as well as clauses

$\mathrm{known}(f(x_1, \ldots, x_n)) \vee -\mathrm{known}(x_1) \vee \ldots \vee -\mathrm{known}(x_n)$

for any function $f$ that the adversary knows to apply. All these are clearly flat clauses, i.e. clauses of the form

$$C = \bigvee_{i=1}^{k} \pm_i P_i(f_i(x^i_1, \ldots, x^i_{k_i})) \vee \bigvee_{j=1}^{l} \pm_j Q_j(x_j)$$

where $\{x^i_1, \ldots, x^i_{k_i}\} = \mathrm{fv}(C)$ for $1 \leq i \leq k$. Asymmetric keys, i.e. keys $K$ such that a message $\{M\}_K$ can only be decrypted with the inverse key $K^{-1}$, are also easily dealt with using flat and one-variable clauses. The adversary's knowledge of other data $c$ like agents' names, public keys, etc. is expressed by clauses $\mathrm{known}(c)$. Then the least Herbrand model of this set of clauses describes exactly the reachable states and the messages known to the adversary. Then to check whether some message $M$ remains secret, we add the clause $-\mathrm{known}(M)$ and check whether the resulting set is satisfiable.

A set of clauses is in the class $\mathcal{V}_1$ if each of its members is a one-variable clause. A set of clauses is in the class $\mathcal{F}$ if each of its members is a flat clause. More generally we have the class $\mathcal{C}$ proposed by Comon and Cortier [6, 8]: a set of clauses $S$ is in the class $\mathcal{C}$ if for each $C \in S$ one of the following conditions is satisfied.

1. $C$ is a one-variable clause

2. $C = \bigvee_{i=1}^{k} \pm_i P_i(u_i[f_i(x^i_1, \ldots, x^i_{k_i})]) \vee \bigvee_{j=1}^{l} \pm_j Q_j(x_j)$, where for $1 \leq i \leq k$ we have $\{x^i_1, \ldots, x^i_{k_i}\} = \mathrm{fv}(C)$ and $u_i$ contains at most one variable.

If all clauses are Horn then we have the corresponding classes $\mathcal{V}_1\mathrm{Horn}$, $\mathcal{F}\mathrm{Horn}$ and $\mathcal{C}\mathrm{Horn}$. Clearly the classes $\mathcal{V}_1$ (resp. $\mathcal{V}_1\mathrm{Horn}$) and $\mathcal{F}$ (resp. $\mathcal{F}\mathrm{Horn}$) are included in the class $\mathcal{C}$ (resp. $\mathcal{C}\mathrm{Horn}$) since the $u_i$'s above can be trivial. Conversely any clause set in $\mathcal{C}$ can be considered as containing just flat and one-variable clauses. This is because we can replace a clause $C \vee \pm P(u[f(x_1, \ldots, x_n)])$ by the clause $C \vee \pm P_u(f(x_1, \ldots, x_n))$ and add clauses $-P_u(x) \vee P(u[x])$ and $P_u(x) \vee -P(u[x])$ where $P_u$ is a fresh predicate. This transformation takes polynomial time and preserves satisfiability of the clause set. Hence now we need to deal with just flat and one-variable clauses. In the rest of the paper we derive optimal complexity results for all these classes.

Still this only gives us an upper bound for the secrecy problem of protocols since the clauses could be more general than necessary. It turns out, however, that this is not the case. In order to show this we rely on a reduction of the reachability problem for alternating pushdown systems (APDS). In form of Horn clauses, an APDS is a finite set of clauses of the form

(i) $P(a)$ where $a$ is a zero-ary symbol

(ii) $P(s[x]) \vee -Q(t[x])$ where $s$ and $t$ involve only unary function symbols, and

(iii) $P(x) \vee -P_1(x) \vee -P_2(x)$

Given any set $S$ of definite clauses (i.e. Horn clauses having some positive literal), a ground atom $A$ is reachable if $A$ is in the least Herbrand model of $S$, i.e. if $S \cup \{-A\}$ is unsatisfiable. Reachability in APDS is DEXPTIME-hard [4]. We encode this problem into secrecy of protocols, as in [9]. Let $K$ be a (symmetric) key not known to the adversary. Encode atoms $P(t)$ as messages $\{\langle P, t \rangle\}_K$, by treating $P$ as some data. Create initialization states $S_1$ and $S_2$ (no message is stored in the states). Clauses (i-iii) above are translated as

$S_1 : \mathrm{recv}(?) \to S_2 : \mathrm{send}(\{\langle P, a \rangle\}_K)$

$S_1 : \mathrm{recv}(\{\langle Q, t[x] \rangle\}_K) \to S_2 : \mathrm{send}(\{\langle P, s[x] \rangle\}_K)$

$S_1 : \mathrm{recv}(\langle \{\langle P_1, x \rangle\}_K, \{\langle P_2, x \rangle\}_K \rangle) \to S_2 : \mathrm{send}(\{\langle P, x \rangle\}_K)$

The intuition is that the adversary cannot decrypt messages encrypted with $K$. He also cannot encrypt messages with $K$. He can only forward messages which are encrypted with $K$. However he has the ability to pair messages. This is utilized in the translation of clause (iii). Then a message $\{M\}_K$ is known to the adversary iff $M$ is of the form $\langle P, t \rangle$ and $P(t)$ is reachable in the APDS.

Theorem 1 The secrecy problem for cryptographic protocols with single blind copying, with a bounded number of nonces but an unbounded number of sessions, is DEXPTIME-hard, even if no message is allowed to be stored at any control point.



4 One Variable Clauses: Decomposition of Terms 

We first show that satisfiability for the classes $\mathcal{V}_1$ and $\mathcal{V}_1\mathrm{Horn}$ is DEXPTIME-complete. We recall also that although we consider only unary predicates, this is no restriction in the case of one-variable clauses, since we can encode atoms $P(t_1, \ldots, t_n)$ as $P'(f_n(t_1, \ldots, t_n))$ for fresh $P'$ and $f_n$ for every $P$ of arity $n$. As shown in [8], ordered resolution on one-variable clauses, for a suitable ordering, leads to a linear bound on the height of terms produced. This does not suffice for obtaining a DEXPTIME upper bound and we need to examine the forms of unifiers produced during resolution. We consider terms containing at most one variable (call them one-variable terms) to be compositions of simpler terms. A non-ground one-variable term $t[x]$ is called reduced if it is not of the form $u[v[x]]$ for any non-ground non-trivial one-variable terms $u[x]$ and $v[x]$. The term $f(g(x), h(g(x)))$ for example is not reduced because it can be written as $f(x, h(x))[g(x)]$. The term $f'(x, g(x), a)$ is reduced. Unifying it with the reduced term $f'(h(y), g(h(a)), y)$ produces the ground unifier $\{x \mapsto h(y)[a], y \mapsto a\}$ and both $h(y)$ and $a$ are strict subterms of the given terms. Indeed we find:

Lemma 2 Let $s[x]$ and $t[y]$ be reduced, non-ground and non-trivial terms where $x \neq y$ and $s[x] \neq t[x]$. If $s$ and $t$ have a unifier $\sigma$ then $x\sigma, y\sigma \in U[V]$ where $U$ is the set of non-ground (possibly trivial) strict subterms of $s$ and $t$, and $V$ is the set of ground strict subterms of $s$ and $t$.

Proof: See Appendix A.

In case both terms (even if not reduced) have the same variable we have the following easy result:

Lemma 3 Let $\sigma$ be a unifier of two non-trivial, non-ground and distinct one-variable terms $s[x]$ and $t[x]$. Then $x\sigma$ is a ground strict subterm of $s$ or of $t$.

Proof: See Appendix A.

In the following one-variable clauses are simplified to involve only reduced terms. 

Lemma 4 Any non-ground one-variable term $t[x]$ can be uniquely written as $t[x] = t_1[t_2[\ldots[t_n[x]]\ldots]]$ where $n \geq 0$ and each $t_i[x]$ is non-trivial, non-ground and reduced. This decomposition can be computed in time polynomial in the size of $t$.

Proof: We represent $t[x]$ as a DAG by doing maximal sharing of subterms. If $t[x] = x$ then the result is trivial. Otherwise let $N$ be the position in this graph, other than the root node, closest to the root such that $N$ lies on every path from the root to the node corresponding to the subterm $x$. Let $t'$ be the strict subterm of $t$ at position $N$ and let $t_1$ be the term obtained from $t$ by replacing the sub-DAG at $N$ by $x$. Then $t = t_1[t']$ and $t_1$ is reduced. We then recursively decompose $t'$.

Uniqueness of decomposition follows from Lemma 2. $\Box$
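As an added worked example (not code from the paper), the following Python implements the decomposition of Lemma 4 along the lines of its proof (the outermost factor is cut at the node closest to the root through which every occurrence of $x$ passes), together with a small unifier used to check the unifier shape stated in Lemma 2 on the paper's own pair $f'(x, g(x), a)$ and $f'(h(y), g(h(a)), y)$. The term encoding and all function names are this example's own assumptions.

```python
"""One-variable terms: reduced-term decomposition (Lemma 4) and a check of
the unifier shape of Lemma 2.  Encoding (an assumption of this example):
a variable is a str, f(t1,...,tn) is the tuple (f, t1, ..., tn), and a
constant a is the 1-tuple (a,)."""
from typing import Dict, List, Optional, Set, Union

Term = Union[str, tuple]


def is_var(t: Term) -> bool:
    return isinstance(t, str)


def vars_of(t: Term) -> Set[str]:
    return {t} if is_var(t) else set().union(*(vars_of(a) for a in t[1:]))


def size(t: Term) -> int:
    return 1 if is_var(t) else 1 + sum(size(a) for a in t[1:])


def replace(t: Term, s: Term, r: Term) -> Term:
    """Replace every occurrence of the subterm s in t by r; replace(t, x, r) is t[r]."""
    if t == s:
        return r
    if is_var(t):
        return t
    return (t[0],) + tuple(replace(a, s, r) for a in t[1:])


def strict_subterms(t: Term) -> Set[Term]:
    out: Set[Term] = set()
    if not is_var(t):
        for a in t[1:]:
            out.add(a)
            out |= strict_subterms(a)
    return out


def decompose(t: Term, x: str) -> List[Term]:
    """Write t[x] as t1[t2[...[tn[x]]...]], every ti non-trivial, non-ground
    and reduced.  The node of the shared DAG closest to the root that lies on
    every path to x is the largest strict subterm s containing x whose
    replacement by a fresh constant removes every occurrence of x."""
    if t == x:
        return []
    best: Term = x
    for s in strict_subterms(t):
        if x in vars_of(s) and x not in vars_of(replace(t, s, ("#fresh",))):
            if size(s) > size(best):
                best = s
    return [replace(t, best, x)] + decompose(best, x)


def compose(parts: List[Term], x: str) -> Term:
    """Inverse of decompose: rebuild t1[t2[...[tn[x]]...]]."""
    t: Term = x
    for p in reversed(parts):
        t = replace(p, x, t)
    return t


def is_reduced(t: Term, x: str) -> bool:
    return t != x and x in vars_of(t) and len(decompose(t, x)) == 1


def apply(sigma: Dict[str, Term], t: Term) -> Term:
    return sigma.get(t, t) if is_var(t) else (t[0],) + tuple(apply(sigma, a) for a in t[1:])


def unify(s: Term, t: Term) -> Optional[Dict[str, Term]]:
    """Most general unifier with occurs check, or None; sigma is kept idempotent."""
    sigma: Dict[str, Term] = {}
    work = [(s, t)]
    while work:
        a, b = work.pop()
        a, b = apply(sigma, a), apply(sigma, b)
        if a == b:
            continue
        if is_var(a) or is_var(b):
            v, u = (a, b) if is_var(a) else (b, a)
            if v in vars_of(u):
                return None  # occurs check: x = f(x) has no unifier
            sigma = {w: replace(r, v, u) for w, r in sigma.items()}
            sigma[v] = u
        elif a[0] != b[0] or len(a) != len(b):
            return None  # function symbol clash
        else:
            work.extend(zip(a[1:], b[1:]))
    return sigma


def lemma2_shape(s: Term, t: Term, x: str, y: str) -> bool:
    """Lemma 2 on reduced s[x], t[y]: x*sigma and y*sigma lie in U[V], with U
    the non-ground and V the ground strict subterms of s and t."""
    sigma = unify(s, t)
    if sigma is None:
        return True  # nothing to check
    subs = strict_subterms(s) | strict_subterms(t)
    u_set = {u for u in subs if vars_of(u)}
    v_set = {v for v in subs if not vars_of(v)}
    u_of_v = {replace(replace(u, x, v), y, v) for u in u_set for v in v_set}
    return sigma.get(x, x) in u_of_v and sigma.get(y, y) in u_of_v
```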

Above and elsewhere, if $n = 0$ then $t_1[t_2[\ldots[t_n[x]]\ldots]]$ denotes $x$. Now if a clause set contains a clause $C = C' \vee \pm P(t[x])$, with $t[x]$ being non-ground, if $t[x] = t_1[\ldots[t_n[x]]\ldots]$ where each $t_i$ is non-trivial and reduced, then we create fresh predicates $P_{t_1 \ldots t_i}$ for $1 \leq i \leq n-1$ and replace $C$ by the clause $C' \vee \pm P_{t_1 \ldots t_{n-1}}(t_n[x])$. Also we add clauses $P_{t_1 \ldots t_i}(t_{i+1}[x]) \vee -P_{t_1 \ldots t_{i+1}}(x)$ and $-P_{t_1 \ldots t_i}(t_{i+1}[x]) \vee P_{t_1 \ldots t_{i+1}}(x)$ for $0 \leq i \leq n-2$ to our clause set. Note that the predicates $P_{t_1 \ldots t_i}$ are considered invariant under renaming of the terms $t_j$. For $i = 0$, $P_{t_1 \ldots t_i}$ is the same as $P$. Our transformation preserves satisfiability of the clause set. By Lemma 4 this takes polynomial time and eventually all non-ground literals in clauses are of the form $\pm P(t)$ with reduced $t$. Next if the clause set is of the form $S \cup \{C_1 \sqcup C_2\}$, where $C_1$ is non-empty and has only ground literals, and $C_2$ is non-empty and has only non-ground literals, then we do splitting to produce $S \cup \{C_1\} \mid S \cup \{C_2\}$. This process produces at most exponentially many branches each of which has polynomial size. Now it suffices to decide satisfiability of each branch in DEXPTIME. Hence now we assume that each clause is either:

(Ca) a ground clause, or

(Cb) a clause containing exactly one variable, each of whose literals is of the form $\pm P(t[x])$ where $t$ is non-ground and reduced.

Consider a set $S$ of clauses of type Ca and Cb. We show how to decide satisfiability of the set $S$. W.l.o.g. we assume that all clauses in $S$ of type Cb contain the variable $\mathbf{x}_1$. Let $\mathrm{Ng}$ be the set of non-ground terms $t[\mathbf{x}_1]$ occurring as arguments in literals in $S$. Let $\mathrm{Ngs}$ be the set of non-ground subterms $t[\mathbf{x}_1]$ of terms in $\mathrm{Ng}$. We assume that $\mathrm{Ng}$ and $\mathrm{Ngs}$ always contain the trivial term $\mathbf{x}_1$, otherwise we add this term to both sets. Let $G$ be the set of ground subterms of terms occurring as arguments in literals in $S$. The sizes of $\mathrm{Ng}$, $\mathrm{Ngs}$ and $G$ are polynomial. Let $S^\dagger$ be the set of clauses of type Ca and Cb which only contain literals of the form $\pm P(t)$ for some $t \in \mathrm{Ng} \cup \mathrm{Ng}[\mathrm{Ngs}[G]]$ (observe that $G \subseteq \mathrm{Ngs}[G] \subseteq \mathrm{Ng}[\mathrm{Ngs}[G]]$). The size of $S^\dagger$ is at most exponential.

For resolution we use the ordering $\prec$: $P(s) \prec Q(t)$ iff $s$ is a strict subterm of $t$. We call $\prec$ the subterm ordering without causing confusion. This is clearly stable. This is the ordering that we are going to use throughout this paper. In particular this means that if a clause contains literals $\pm P(x)$ and $\pm' Q(t)$ where $t$ is non-trivial and contains $x$, then we cannot choose the literal $\pm P(x)$ to resolve upon in this clause. Because of the simple form of unifiers of reduced terms we have:

Lemma 5 Binary ordered resolution and ordered factorization, w.r.t. the subterm ordering, on clauses in $S^\dagger$ produces clauses which are again in $S^\dagger$ (up to renaming).

Proof: Factorization on a ground clause doesn't produce any new clause. Now suppose we factorize the non-ground clause $C[\mathbf{x}_1] \vee \pm P(s[\mathbf{x}_1]) \vee \pm P(t[\mathbf{x}_1])$ to produce the clause $C[\mathbf{x}_1]\sigma \vee \pm P(s[\mathbf{x}_1])\sigma$ where $\sigma = \mathrm{mgu}(s[\mathbf{x}_1], t[\mathbf{x}_1])$. If the premise has only trivial literals then factorization is equivalent to doing nothing. Otherwise by ordering constraints, $s$ and $t$ are non-trivial. By Lemma 3 either $s[\mathbf{x}_1] = t[\mathbf{x}_1]$, in which case factorization does nothing, or $\mathbf{x}_1\sigma$ is a ground subterm of $s[\mathbf{x}_1]$ or of $t[\mathbf{x}_1]$. In the latter case all literals in $(C[\mathbf{x}_1] \vee \pm P(s[\mathbf{x}_1]))\sigma$ are of the form $\pm' Q(t'[\mathbf{x}_1]\sigma)$ where $t'[\mathbf{x}_1] \in \mathrm{Ng}$ and $\mathbf{x}_1\sigma \in G \subseteq \mathrm{Ngs}[G]$.

Now we consider binary resolution steps. We have the following cases:

• If both clauses are ground then the result is clear.

• Now consider both clauses $C_1[\mathbf{x}_1]$ and $C_2[\mathbf{x}_1]$ to be non-ground. Before resolution we rename the second clause to obtain $C_2[\mathbf{x}_2]$. Clearly all literals in $C_1[\mathbf{x}_1]$ and $C_2[\mathbf{x}_1]$ are of the form $\pm Q(u[\mathbf{x}_1])$ where $u[\mathbf{x}_1] \in \mathrm{Ng}$. Let $C_1[\mathbf{x}_1] = C_1'[\mathbf{x}_1] \vee P(s[\mathbf{x}_1])$ and $C_2[\mathbf{x}_2] = -P(t[\mathbf{x}_2]) \vee C_2'[\mathbf{x}_2]$ where $P(s[\mathbf{x}_1])$ and $-P(t[\mathbf{x}_2])$ are the literals to be resolved upon in the respective clauses. If $s[\mathbf{x}_1]$ and $t[\mathbf{x}_2]$ are unifiable then from Lemma 2 one of the following cases holds:

- $s[\mathbf{x}_1] = \mathbf{x}_1$ (the case where $t[\mathbf{x}_2] = \mathbf{x}_2$ is treated similarly). From the definition of $\prec$, for $P(s[\mathbf{x}_1])$ to be chosen for resolution, all literals in $C_1'[\mathbf{x}_1]$ are of the form $\pm Q(\mathbf{x}_1)$. The resolvent is $C[\mathbf{x}_2] = C_1'[\mathbf{x}_1]\sigma \vee C_2'$, where $\sigma = \{\mathbf{x}_1 \mapsto t[\mathbf{x}_2]\}$. Each literal in $C_1'[\mathbf{x}_1]\sigma$ is of the form $\pm Q(t[\mathbf{x}_2])$ and each literal in $C_2'[\mathbf{x}_2]$ is of the form $\pm Q(t'[\mathbf{x}_2])$ where $t' \in \mathrm{Ng}$. Hence $C[\mathbf{x}_1] \in S^\dagger$.

- $s[\mathbf{x}_1] = t[\mathbf{x}_1]$. Then the resolvent is $C_1'[\mathbf{x}_1] \vee C_2'[\mathbf{x}_1]$.

- $s[\mathbf{x}_1]$ and $t[\mathbf{x}_2]$ have an mgu $\sigma$ such that $\mathbf{x}_1\sigma, \mathbf{x}_2\sigma \in \mathrm{Ngs}[G]$. The resolvent $C_1'[\mathbf{x}_1]\sigma \vee C_2'[\mathbf{x}_2]\sigma$ has only ground atoms of the form $\pm Q(t')$ where $t' \in \mathrm{Ng}[\mathrm{Ngs}[G]]$.

• Now let the first clause $C_1[\mathbf{x}_1] = C_1'[\mathbf{x}_1] \vee \pm P(t[\mathbf{x}_1])$ be non-ground, and the second clause $C_2 = \mp P(s) \vee C_2'$ be ground, with $\pm P(t[\mathbf{x}_1])$ and $\mp P(s)$ being the respective literals chosen from $C_1[\mathbf{x}_1]$ and $C_2$ for resolution. All literals in $C_1[\mathbf{x}_1]$ are of the form $\pm' Q(t'[\mathbf{x}_1])$ with $t' \in \mathrm{Ng}$. All literals in $C_2$ are of the form $\pm' Q(t')$ with $t' \in \mathrm{Ng}[\mathrm{Ngs}[G]]$. Suppose that $s$ and $t[\mathbf{x}_1]$ do unify. We have the following cases:

- $s \in \mathrm{Ngs}[G]$. Then the resolvent is $C = C_1'[\mathbf{x}_1]\sigma \vee C_2'$ where $\sigma = \{\mathbf{x}_1 \mapsto g\}$ and $g$ is a subterm of $s$. As $s \in \mathrm{Ngs}[G]$, hence $g \in \mathrm{Ngs}[G]$. Hence all literals in $C_1'[\mathbf{x}_1]\sigma$ are of the form $\pm Q(t')$ where $t' \in \mathrm{Ng}[\mathrm{Ngs}[G]]$. Hence $C \in S^\dagger$.

- Now suppose $s \in \mathrm{Ng}[\mathrm{Ngs}[G]] \setminus \mathrm{Ngs}[G]$. We must have $s = s_1[s_2]$ for some non-trivial $s_1[\mathbf{x}_1] \in \mathrm{Ng}$ and some $s_2 \in \mathrm{Ngs}[G]$. This is the interesting case which shows why the terms remain in the required form during resolution. The resolvent is $C = C_1'[\mathbf{x}_1]\sigma \vee C_2'$ where $\sigma = \{\mathbf{x}_1 \mapsto g\}$ is the mgu of $t[\mathbf{x}_1]$ and $s$ for some ground term $g$. As $t[g] = s_1[s_2]$, $\sigma_1 = \{\mathbf{x}_1 \mapsto g, \mathbf{x}_2 \mapsto s_2\}$ is a unifier of the terms $t[\mathbf{x}_1]$ and $s_1[\mathbf{x}_2]$. By Lemma 2 we have the following cases:

  * $t[\mathbf{x}_1] = \mathbf{x}_1$, so that $g = s \in \mathrm{Ng}[\mathrm{Ngs}[G]]$. By definition of $\prec$, for $\pm P(t[\mathbf{x}_1])$ to be chosen for resolution, all literals in $C_1'[\mathbf{x}_1]$ must be of the form $\pm' Q(\mathbf{x}_1)$. Hence all literals in $C_1'\sigma$ are of the form $\pm' Q(g)$. Hence $C \in S^\dagger$.

  * $t[\mathbf{x}_1] = s_1[\mathbf{x}_1]$. Then $g = s_2 \in \mathrm{Ngs}[G]$. Hence all literals in $C_1'\sigma$ are of the form $\pm' Q(t'[g])$ where $t'[\mathbf{x}_1] \in \mathrm{Ng}$. Hence $C \in S^\dagger$.

  * $g = \mathbf{x}_1\sigma \in \mathrm{Ngs}[G]$. Hence all literals in $C_1'\sigma$ are of the form $\pm' Q(t'[g])$ where $t' \in \mathrm{Ng}$. Hence $C \in S^\dagger$. $\Box$

Hence to decide satisfiability of $S \subseteq S^\dagger$, we keep generating new clauses of $S^\dagger$ by doing ordered binary resolution and ordered factorization w.r.t. the subterm ordering till no new clause can be generated, and then check whether the empty clause has been produced. Also recall that APDS consist of Horn one-variable clauses. Hence:

Theorem 2 Satisfiability for the classes $\mathcal{V}_1$ and $\mathcal{V}_1\mathrm{Horn}$ is DEXPTIME-complete.

5 Flat Clauses: Resolution Modulo Propositional Reasoning

Next we show how to decide the class of flat clauses in NEXPTIME. This is well known when the maximal arity $r$ is a constant, or when all non-trivial literals in a clause have the same sequence (instead of the same set) of variables. But we are not aware of a proof of a NEXPTIME upper bound in the general case. We show how to obtain a NEXPTIME upper bound in the general case, by doing resolution modulo propositional reasoning. While this constitutes an interesting result of its own, the techniques allow us to deal with the full class $\mathcal{C}$ efficiently. Also this shows that the generality of the class $\mathcal{C}$ does not cost more in terms of complexity. An $\epsilon$-block is a one-variable clause which contains only trivial literals. A complex clause $C$ is a flat clause $\bigvee_{i=1}^{k} \pm_i P_i(f_i(x^i_1, \ldots, x^i_{k_i})) \vee \bigvee_{j=1}^{l} \pm_j Q_j(x_j)$ in which $k \geq 1$. Hence a flat clause is either a complex clause, or an $\epsilon$-clause, which is defined to be a disjunction of $\epsilon$-blocks, i.e. to be of the form $B_1[x_1] \sqcup \ldots \sqcup B_n[x_n]$ where each $B_i$ is an $\epsilon$-block. $\epsilon$-clauses are difficult to deal with, hence we split them to produce $\epsilon$-blocks. Hence define $\epsilon$-splitting as the restriction of the splitting rule in which one of the components is an $\epsilon$-block.

Recall that $r$ is the maximal arity of symbols in $\Sigma$. Up to renaming, any complex clause $C$ is such that $\mathrm{fv}(C) \subseteq X_r = \{\mathbf{x}_1, \ldots, \mathbf{x}_r\}$, and any $\epsilon$-block $C$ is such that $\mathrm{fv}(C) \subseteq \{\mathbf{x}_{r+1}\}$. The choice of $\mathbf{x}_{r+1}$ is not crucial. Now notice that ordered resolution between complex clauses and $\epsilon$-blocks only produces flat clauses, which can then be split to be left with only complex clauses and $\epsilon$-blocks. E.g. resolution between

$P_1(\mathbf{x}_1) \vee -P_2(\mathbf{x}_2) \vee P_3(f(\mathbf{x}_1, \mathbf{x}_2)) \vee -P_4(g(\mathbf{x}_2, \mathbf{x}_1))$

and

$P_4(g(\mathbf{x}_1, \mathbf{x}_1)) \vee -P_5(h(\mathbf{x}_1)) \vee P_6(\mathbf{x}_1)$

produces

$P_1(\mathbf{x}_1) \vee -P_2(\mathbf{x}_1) \vee P_3(f(\mathbf{x}_1, \mathbf{x}_1)) \vee -P_5(h(\mathbf{x}_1)) \vee P_6(\mathbf{x}_1)$

Resolution between

$P_2(\mathbf{x}_{r+1})$ and $-P_2(f(\mathbf{x}_1, \mathbf{x}_2)) \vee P_3(\mathbf{x}_1) \vee P_4(\mathbf{x}_2)$

produces $P_3(\mathbf{x}_1) \vee P_4(\mathbf{x}_2)$, which can then be split. The point is that we always choose a non-trivial literal from a clause for resolution, if there is one. As there are finitely many complex clauses and $\epsilon$-blocks this gives us a decision procedure. Note however that the number of complex clauses is doubly exponential. This is because we allow clauses of the form $P_1(f_1(\mathbf{x}_1, \mathbf{x}_1, \mathbf{x}_2)) \vee P_2(f_2(\mathbf{x}_2, \mathbf{x}_1)) \vee P_3(f_3(\mathbf{x}_2, \mathbf{x}_1, \mathbf{x}_2)) \vee \ldots$, i.e. the non-trivial terms contain an arbitrary number of repetitions of variables in arbitrary order. The number of such variable sequences over $r$ variables is exponential, hence the number of clauses is doubly exponential. Letting the maximal arity $r$ be a constant, or forcing all non-trivial literals in a clause to have the same variable sequence, would have produced only exponentially many clauses. In presence of splitting, this would have given us the well-known NEXPTIME upper bound, which is also optimal. But we are not aware of a proof of a NEXPTIME upper bound in the general case. To obtain a NEXPTIME upper bound in the general case we introduce the technique of resolution modulo propositional reasoning.

For a clause $C$, define the set of its projections as $\pi(C) = C[X_r]$. Essentially projection involves making certain variables in a clause equal. As we saw, resolution between two complex clauses amounts to propositional resolution between their projections. Define the set $U = \{f(x_1, \ldots, x_n) \mid f \in \Sigma \text{ and each } x_i \in X_r\}$ of size exponential in $r$. Resolution between an $\epsilon$-block $C_1$ and a complex clause $C_2$ amounts to propositional resolution of a clause from $C_1[U]$ with $C_2$. Also note that propositional resolution followed by further projection is equivalent to projection followed by propositional resolution. Each complex clause has exponentially many projections. This suggests that we can compute beforehand the exponentially many projections of complex clauses and exponentially many instantiations of $\epsilon$-blocks. All new complex clauses generated by propositional resolution are ignored. But after several such propositional resolution steps, we may get an $\epsilon$-clause, which should then be split and instantiated and used for obtaining further propositional resolvents. In other words we only compute such propositionally implied $\epsilon$-clauses, do splitting and instantiation, and iterate the process. This generates all resolvents up to propositional implication. We now formalize our approach. We start with the following observation which is used in this and further sections.

Lemma 6 Let $x_1,\ldots,x_n,y_1,\ldots,y_n$ be variables, not necessarily distinct, but with 
$\{x_1,\ldots,x_n\} \cap \{y_1,\ldots,y_n\} = \emptyset$. Then the terms $f(x_1,\ldots,x_n)$ and $f(y_1,\ldots,y_n)$ 
have an mgu $\sigma$ such that $\{x_1,\ldots,x_n\}\sigma \subseteq \{x_1,\ldots,x_n\}$ and $y_i\sigma = x_i\sigma$ for $1 \le i \le n$. 
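The following Python program is an added example illustrating the two points above, the claim that resolution between complex clauses is propositional resolution between their projections $\pi(C) = C[X_r]$, and the shape of the mgu in Lemma 6; it is not code from the paper. The clauses $C_1 = P(f(x_1,x_1,x_2)) \vee Q(x_2)$ and $C_2 = \neg P(f(x_1,x_2,x_2)) \vee R(x_1)$ with $r = 2$ are constructed for the example, and the term encoding (variables as strings, applications as tuples) is this example's own.

```python
"""Resolution modulo propositional reasoning, as an added example (not the
authors' code): a first-order resolvent of two complex clauses coincides with a
propositional resolvent of two of their projections pi(C) = C[X_r], and the mgu
is the one of Lemma 6.  All terms, literals and clauses below are constructed."""
from itertools import product

# Term: a variable name (str) or a tuple (function symbol, arg1, ..., argn).
# Literal: (sign, predicate, term) with sign '+' or '-'.
# Clause: frozenset of literals.


def apply(term, sigma):
    """Apply substitution sigma (dict: variable -> term) to a term."""
    if isinstance(term, str):
        return sigma.get(term, term)
    return (term[0],) + tuple(apply(a, sigma) for a in term[1:])


def apply_clause(clause, sigma):
    return frozenset((s, p, apply(t, sigma)) for s, p, t in clause)


def mgu_lemma6(xs, ys):
    """mgu of f(x1..xn) and f(y1..yn) for variable tuples xs, ys with disjoint
    variable sets, chosen as in Lemma 6: every variable is sent to a variable of
    xs, so {x1..xn}sigma is a subset of {x1..xn} and yi.sigma == xi.sigma."""
    assert len(xs) == len(ys) and not set(xs) & set(ys)
    parent = {v: v for v in xs + ys}          # union-find over the variables

    def find(v):
        while parent[v] != v:
            v = parent[v]
        return v

    for x, y in zip(xs, ys):                  # argument i forces xi = yi
        rx, ry = find(x), find(y)
        if rx != ry:
            parent[ry] = rx
    rep = {}                                  # representative: first xs-variable of each class
    for x in xs:
        rep.setdefault(find(x), x)
    return {v: rep[find(v)] for v in xs + ys}


def projections(clause, r):
    """pi(C) = C[X_r]: every instance of C under a map X_r -> X_r (r^r of them)."""
    xr = [f"x{i}" for i in range(1, r + 1)]
    return {apply_clause(clause, dict(zip(xr, img))) for img in product(xr, repeat=r)}


def complement(lit):
    s, p, t = lit
    return ('-' if s == '+' else '+', p, t)


def prop_resolvents(c1, c2):
    """All propositional resolvents of c1 and c2 (atoms compared syntactically)."""
    return {(c1 - {l}) | (c2 - {complement(l)}) for l in c1 if complement(l) in c2}


def resolve_complex(c1, lit1, c2, lit2, r):
    """Binary resolution of complex clauses c1, c2 on lit1 in c1 and lit2 in c2,
    whose terms are f(x..) with variable arguments.  c2 is first renamed apart
    by x_i -> x_{r+i} (the renaming sigma_0 used in the proof of Lemma 7)."""
    ren = {f"x{i}": f"x{i + r}" for i in range(1, r + 1)}
    c2r = apply_clause(c2, ren)
    lit2r = (lit2[0], lit2[1], apply(lit2[2], ren))
    t1, t2 = lit1[2], lit2r[2]
    assert lit1[1] == lit2r[1] and lit1[0] != lit2r[0] and t1[0] == t2[0]
    sigma = mgu_lemma6(tuple(t1[1:]), tuple(t2[1:]))
    return apply_clause((c1 - {lit1}) | (c2r - {lit2r}), sigma)


def is_resolvent_of_projections(resolvent, c1, c2, r):
    """The claim of the text: the first-order resolvent is a propositional
    resolvent of some projection of c1 with some projection of c2."""
    return any(resolvent in prop_resolvents(d1, d2)
               for d1 in projections(c1, r) for d2 in projections(c2, r))


# Constructed input with r = 2: C1 = P(f(x1,x1,x2)) v Q(x2), C2 = -P(f(x1,x2,x2)) v R(x1).
R = 2
L1 = ('+', 'P', ('f', 'x1', 'x1', 'x2'))
L2 = ('-', 'P', ('f', 'x1', 'x2', 'x2'))
C1 = frozenset({L1, ('+', 'Q', 'x2')})
C2 = frozenset({L2, ('+', 'R', 'x1')})


def demo():
    """Resolvent Q(x1) v R(x1): an e-clause, which the procedure would then split."""
    res = resolve_complex(C1, L1, C2, L2, R)
    return res, is_resolvent_of_projections(res, C1, C2, R)
```

Here the unifier identifies all of $x_1, x_2, y_1, y_2$ with $x_1$, so the resolvent $Q(x_1) \vee R(x_1)$ is exactly the propositional resolvent of the projections $C_1[x_2 \mapsto x_1]$ and $C_2[x_2 \mapsto x_1]$; `is_resolvent_of_projections` searches all $r^r \cdot r^r$ pairs of projections, which is the blow-up the text refers to.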
For a set $S$ of clauses, $\mathrm{comp}(S)$ is the set of complex clauses in $S$, $\mathrm{eps}(S)$ the 
set of e-blocks in $S$, $\pi(S) = \bigcup_{C \in S} \pi(C)$ and $\mathrm{I}(S) = \pi(\mathrm{comp}(S)) \cup \mathrm{eps}(S)[x_{r+1}] \cup \mathrm{eps}(S)[U]$. 
For sets $S$ and $T$ of complex clauses and e-blocks, $S \sqsubseteq T$ means that: 

- if $C \in S$ is a complex clause then $\mathrm{I}(T) \models_p \pi(C)$, and 

- if $C \in S$ is an e-block then $C[x_{r+1}] \in \mathrm{eps}(T)[x_{r+1}]$. 

For tableaux $\mathcal{T}_1$ and $\mathcal{T}_2$ involving only complex clauses and e-blocks we write $\mathcal{T}_1 \sqsubseteq \mathcal{T}_2$ 
if $\mathcal{T}_1$ can be written as $S_1 \mid \ldots \mid S_n$ and $\mathcal{T}_2$ can be written as $T_1 \mid \ldots \mid T_n$ (note the 
same $n$) such that $S_i \sqsubseteq T_i$ for $1 \le i \le n$. Intuitively $\mathcal{T}_2$ is a succinct representation 
of $\mathcal{T}_1$. Define the splitting strategy $\phi$ as the one which repeatedly applies e-splitting 
on a tableau as long as possible. The relation $\Rightarrow_{<,\phi}$ provides us a sound and complete 
method for testing unsatisfiability. We define the alternative procedure for testing unsatisfiability 
by using succinct representations of tableaux. We define $\blacktriangleright$ by the rule: 
$\mathcal{T} \mid S \blacktriangleright \mathcal{T} \mid S \cup \{B_1\} \mid \ldots \mid S \cup \{B_k\}$ whenever $\mathrm{I}(S) \models_p C = B_1[x_{i_1}] \cup \ldots \cup B_k[x_{i_k}]$, 
$C$ is an e-clause, and $1 \le i_1,\ldots,i_k \le r+1$. Then $\blacktriangleright$ simulates $\Rightarrow_{<,\phi}$: 

Lemma 7 If $S$ is a set of complex clauses and e-blocks, $S \sqsubseteq T$ and $S \Rightarrow_{<,\phi} S'$, then 
all clauses occurring in $S'$ are complex clauses or e-blocks and $T \blacktriangleright^* T'$ for some $T'$ 
such that $S' \sqsubseteq T'$. 

Proof: We have the following ways in which $S'$ is obtained from $S$ by doing one 
resolution step followed by splitting: 

• We resolve two e-blocks $C_1$ and $C_2$ of $S$ to get an e-block $C$, and $S' = S \cup \{C\}$. 
Then $\{C_1[x_{r+1}], C_2[x_{r+1}]\} \models_p C[x_{r+1}]$. Also as $S \sqsubseteq T$ we have 
$\{C_1[x_{r+1}], C_2[x_{r+1}]\} \subseteq \mathrm{eps}(T)[x_{r+1}]$. We have $\mathrm{I}(T) \models_p C[x_{r+1}]$. Hence 
$T \blacktriangleright T \cup \{C[x_{r+1}]\}$ and clearly $S \cup \{C\} \sqsubseteq T \cup \{C\}$. 

• We resolve an e-block $C_1[x_{r+1}]$ with a complex clause $C_2[x_1,\ldots,x_r]$, both 
from $S$ up to renaming, and we have $C_1[x_{r+1}] \in \mathrm{eps}(T)[x_{r+1}]$ and $\mathrm{I}(T) \models_p \pi(C_2)$. 
By ordering constraints, we have $C_1[x_{r+1}] = C_1'[x_{r+1}] \vee \pm P(x_{r+1})$ 
and $C_2[x_1,\ldots,x_r] = \mp P(f(x_1,\ldots,x_n)) \vee C_2'[x_1,\ldots,x_r]$ so that resolution 
produces $C[x_1,\ldots,x_r] = C_1'[f(x_1,\ldots,x_n)] \vee C_2'[x_1,\ldots,x_r]$. Clearly 
$C_1[U] \cup \{C_2[x_1,\ldots,x_r]\} \models_p C[x_1,\ldots,x_r]$. Also $\pi(C_1[U]) = C_1[U]$. Hence 
$\mathrm{I}(T) \supseteq C_1[U] \cup \pi(C_2) \models_p \pi(C) \supseteq \{C[x_1,\ldots,x_r]\}$. 

  - If $C_1'$ is not empty or if $C_2'$ has some non-trivial literal then $C$ is a complex 
clause and $S' = S \cup \{C\} \sqsubseteq T$. 

  - If $C_1'$ is empty and $C_2'$ has only trivial literals then $C[x_1,\ldots,x_r]$ is an 
e-clause of the form $B_1[x_{i_1}] \cup \ldots \cup B_k[x_{i_k}]$ with $1 \le i_1,\ldots,i_k \le r$. 
$S' = S \cup \{B_1\} \mid \ldots \mid S \cup \{B_k\}$. Since $\mathrm{I}(T) \models_p C[x_1,\ldots,x_r]$, hence 
$T \blacktriangleright T'$ where $T' = T \cup \{B_1\} \mid \ldots \mid T \cup \{B_k\}$ and we have $S' \sqsubseteq T'$. 

• We resolve two complex clauses $C_1[x_1,\ldots,x_r]$ and $C_2[x_1,\ldots,x_r]$, both from 
$S$ up to renaming, and we have $\mathrm{I}(T) \models_p \pi(C_1)$ and $\mathrm{I}(T) \models_p \pi(C_2)$. First we 
rename the second clause as $C_2[x_{r+1},\ldots,x_{2r}]$ by applying the renaming 
$\sigma_0 = \{x_1 \mapsto x_{r+1}, \ldots, x_r \mapsto x_{2r}\}$. By ordering constraints, $C_1[x_1,\ldots,x_r]$ is of 
the form $C_1'[x_1,\ldots,x_r] \vee \pm P(f(x_1,\ldots,x_n))$ and $C_2[x_{r+1},\ldots,x_{2r}]$ is of the 
form $\mp P(f(y_1,\ldots,y_n)) \vee C_2'[x_{r+1},\ldots,x_{2r}]$, so that $\pm P(f(x_1,\ldots,x_n))$ and 
$\mp P(f(y_1,\ldots,y_n))$ are the literals to be resolved from the respective clauses. By 
Lemma 6 the resolvent is $C = C_1'[x_1,\ldots,x_r]\sigma \vee C_2'[x_{r+1},\ldots,x_{2r}]\sigma$ where 
$\sigma$ is such that $\{x_1,\ldots,x_n\}\sigma \subseteq \{x_1,\ldots,x_n\}$ and $y_i\sigma = x_i\sigma$ for $1 \le i \le n$. 
$C$ is obtained by propositional resolution from $C_1[x_1,\ldots,x_r]\sigma \in \pi(C_1)$ and 
$C_2[x_{r+1},\ldots,x_{2r}]\sigma = C_2[x_1,\ldots,x_r]\sigma_0\sigma \in \pi(C_2)$. Hence $\pi(C_1) \cup \pi(C_2) \models_p C[x_1,\ldots,x_r]$. 
Hence $\pi(\pi(C_1)) \cup \pi(\pi(C_2)) = \pi(C_1) \cup \pi(C_2) \models_p \pi(C)$. As 
$\mathrm{I}(T) \models_p \pi(C_1)$ and $\mathrm{I}(T) \models_p \pi(C_2)$, hence $\mathrm{I}(T) \models_p \pi(C) \supseteq \{C[x_1,\ldots,x_r]\}$. 

  - If either $C_1'$ or $C_2'$ contains a non-trivial literal then $C$ is a complex clause 
and $S' = S \cup \{C\} \sqsubseteq T$. 

  - If $C_1'$ and $C_2'$ contain only trivial literals then $C[x_1,\ldots,x_r]$ is an e-clause 
of the form $B_1[x_{i_1}] \cup \ldots \cup B_k[x_{i_k}]$ with $1 \le i_1,\ldots,i_k \le r$. $S' = S \cup \{B_1\} \mid \ldots \mid S \cup \{B_k\}$. 
As $\mathrm{I}(T) \models_p C[x_1,\ldots,x_r]$ we have $T \blacktriangleright T'$ where 
$T' = T \cup \{B_1\} \mid \ldots \mid T \cup \{B_k\}$. Also $S' \sqsubseteq T'$. 

• $C[x_1,\ldots,x_r]$ is a renaming of a complex clause in $S$, and we factor $C[x_1,\ldots,x_r]$ 
to get a complex clause $C[x_1,\ldots,x_r]\sigma$ where $X_r\sigma \subseteq X_r$, and $S' = S \cup \{C[x_1,\ldots,x_r]\sigma\}$. 
$C[x_1,\ldots,x_r]\sigma \in \pi(C)$. Hence $\pi(\{C[x_1,\ldots,x_r]\sigma\}) \subseteq \pi(\pi(C)) = \pi(C)$. 
As $S \sqsubseteq T$ hence $\mathrm{I}(T) \models_p \pi(C)$. Hence $\mathrm{I}(T) \models_p \pi(\{C[x_1,\ldots,x_r]\sigma\})$. 
Hence we have $S' = S \cup \{C[x_1,\ldots,x_r]\sigma\} \sqsubseteq T$. □ 

Hence we have completeness of $\blacktriangleright$: 

Lemma 8 If a set $S$ of good complex clauses and e-blocks is unsatisfiable then $S \blacktriangleright^* \mathcal{T}$ 
for some closed $\mathcal{T}$. 

Proof: By Lemma 1, $S \Rightarrow^*_{<,\phi} S_1 \mid \ldots \mid S_n$ such that each $S_i \ni \Box$. As $S \sqsubseteq S$, hence 
by Lemma 7 we have some $T_1,\ldots,T_n$ such that $S \blacktriangleright^* T_1 \mid \ldots \mid T_n$ and $S_i \sqsubseteq T_i$ for 
$1 \le i \le n$. Since $\Box \in S_i$ and $\Box$ is an e-block, hence $\Box \in T_i$ for $1 \le i \le n$. □ 

Call a set $S$ of complex clauses and e-blocks saturated if the following condition 
is satisfied: if $\mathrm{I}(S) \models_p B_1[x_{i_1}] \cup \ldots \cup B_k[x_{i_k}]$ with $1 \le i_1,\ldots,i_k \le r+1$, each $B_i$ 
being an e-block, then there is some $1 \le j \le k$ such that $B_j[x_{r+1}] \in S[x_{r+1}]$. 

Lemma 9 If $S$ is a satisfiable set of complex clauses and e-blocks then $S \blacktriangleright^* \mathcal{T}' \mid T$ for 
some tableau $\mathcal{T}'$ and some saturated set $T$ of complex clauses and e-blocks, such that $\Box \notin T$. 

Proof: We construct a sequence $S = S_0 \subseteq S_1 \subseteq S_2 \subseteq \ldots$ of sets of complex clauses 
and e-blocks such that $S_i$ is satisfiable and $S_i \blacktriangleright^* S_{i+1} \mid \mathcal{T}_i$ for some $\mathcal{T}_i$ for each $i$. 
$S = S_0$ is satisfiable by assumption. Now assume we have already defined $S_0,\ldots,S_i$ 
and $\mathcal{T}_0,\ldots,\mathcal{T}_{i-1}$. Let $C^l = B^l_1[x_{i^l_1}] \cup \ldots \cup B^l_{k_l}[x_{i^l_{k_l}}]$ for $1 \le l \le N$ be all the possible 
e-clauses such that $\mathrm{I}(S_i) \models_p C^l$, $1 \le i^l_1,\ldots,i^l_{k_l} \le r+1$. Since $S_i$ is satisfiable, 
$S_i \cup \{C^l \mid 1 \le l \le N\}$ is satisfiable. Since $x_{i^l_1},\ldots,x_{i^l_{k_l}}$ are mutually distinct for 
$1 \le l \le N$, there are $1 \le j_l \le k_l$ for $1 \le l \le N$ such that $S_i \cup \{B^l_{j_l} \mid 1 \le l \le N\}$ 
is satisfiable. Let $S_{i+1} = S_i \cup \{B^l_{j_l} \mid 1 \le l \le N\}$. $S_{i+1}$ is satisfiable. Also it is clear 
that $S_i \blacktriangleright^* S_{i+1} \mid \mathcal{T}_i$ for some $\mathcal{T}_i$. If $S_{i+1} = S_i$ then $S_i$ is saturated, otherwise $S_{i+1}$ 
has strictly more e-blocks up to renaming. As there are only finitely many e-blocks 
up to renaming, eventually we will end up with a saturated set $T$ in this way. Since 
$T$ is satisfiable, $\Box \notin T$. From the construction it is clear that there is some $\mathcal{T}'$ such that 
$S \blacktriangleright^* \mathcal{T}' \mid T$. □ 

Theorem 3 Satisfiability for the class $\mathcal{F}$ of flat clauses is NEXPTIME-complete. 

Proof: The lower bound comes from reduction of satisfiability of positive set constraints, 
which is NEXPTIME-complete [1]. For the upper bound let $S$ be a finite set 
of flat clauses. Repeatedly apply e-splitting to obtain $\phi(S) = S_1 \mid \ldots \mid S_m$. $S$ is 
satisfiable iff some $S_i$ is satisfiable. The number $m$ of branches in $\phi(S)$ is at most exponential. 
Also each branch has size linear in the size of $S$. We non-deterministically 
choose some $S_i$ and check its satisfiability in NEXPTIME. 

Hence wlog we may assume that the given set $S$ has only complex clauses and 
e-blocks. We non-deterministically choose a certain number of e-blocks $B_1,\ldots,B_N$ 
and check that $T = S \cup \{B_1,\ldots,B_N\}$ is saturated and $\Box \notin T$. By Lemma 9, if $S$ is 
satisfiable then clearly there is such a set $T$. Conversely if there is such a set $T$, then 
whenever $T \blacktriangleright^* \mathcal{T}$, we will have $\mathcal{T} = T \mid \mathcal{T}'$ for some $\mathcal{T}'$. Hence we can never have 
$T \blacktriangleright^* \mathcal{T}$ where $\mathcal{T}$ is closed. Then by Lemma 8 we conclude that $T$ is satisfiable. Hence 
$S \subseteq T$ is also satisfiable. 

Guessing the set $T$ requires non-deterministically choosing from among exponentially 
many e-blocks. To check that $T$ is saturated, for every e-clause $C = B_1[x_{i_1}] \cup \ldots \cup B_k[x_{i_k}]$, 
with $1 \le i_1,\ldots,i_k \le r+1$, and $B_j[x_{r+1}] \notin T[x_{r+1}]$ for $1 \le j \le k$, 
we check that $\mathrm{I}(T) \not\models_p C$, i.e. $\mathrm{I}(T) \cup \neg C$ is propositionally satisfiable (where 
$\neg(L_1 \vee \ldots \vee L_n)$ denotes $\{\neg L_1,\ldots,\neg L_n\}$). This can be checked in NEXPTIME since 
propositional satisfiability can be checked in NPTIME. We need to do such checks for 
at most exponentially many possible values of $C$. □ 



6 Combination: Ordered Literal Replacement 

Combining flat and one-variable clauses creates additional difficulties. First observe 
that resolving a one-variable clause $C_1 \vee \pm P(f(s_1[x],\ldots,s_n[x]))$ with a complex 
clause $\mp P(f(x_1,\ldots,x_n)) \vee C_2$ produces a one-variable clause. If $s_i[x] = s_j[x]$ whenever 
$x_i = x_j$, and if $C_2$ contains a literal $P(x_i)$, then the resolvent contains a literal 
$P(s_i[x])$. The problem now is that even if $f(s_1[x],\ldots,s_n[x])$ is reduced, $s_i[x]$ may 
not be reduced. E.g. $f(g(h(x)), x)$ is reduced but $g(h(x))$ is not reduced. As in 
Section 3 we may think of replacing this literal by simpler literals involving fresh predicates. 
Firstly we have to ensure that in this process we do not generate infinitely many 
predicates. Secondly it is not clear that mixing ordered resolution steps with replacement 
of literals is still complete. Correctness is easy to show since the new clause is in 
some sense equivalent to the old deleted clause. However deleting clauses arbitrarily 
can violate completeness of the resolution procedure. The key factor which preserves 
completeness is that we replace literals by smaller literals wrt the given ordering $<$. 

Formally a replacement rule is of the form $A_1 \to A_2$ where $A_1$ and $A_2$ are (not necessarily 
ground) atoms. The clause set associated with this rule is $\{A_1 \vee \neg A_2, \neg A_1 \vee A_2\}$. 
Intuitively such a replacement rule says that $A_1$ and $A_2$ are equivalent. The 
clause set $\mathrm{cl}(\mathcal{R})$ associated with a set $\mathcal{R}$ of replacement rules is the union of the clause 
sets associated with the individual replacement rules in $\mathcal{R}$. Given a stable ordering 
$<$ on atoms, a replacement rule $A_1 \to A_2$ is ordered iff $A_2 < A_1$. We define the 
relation $\to_{\mathcal{R}}$ as: $S \to_{\mathcal{R}} (S \setminus \{\pm A_1\sigma \vee C\}) \cup \{\pm A_2\sigma \vee C\}$ whenever $S$ is a set of 
clauses, $\pm A_1\sigma \vee C \in S$, $A_1 \to A_2 \in \mathcal{R}$ and $\sigma$ is some substitution. Hence we replace 
literals in a clause by smaller literals. The relation is extended to tableaux as usual. 
This is reminiscent of the well-studied case of resolution with some equational theory 
on terms. There, however, the ordering $<$ used for resolution is compatible with the 
equational theory and one essentially works with the equivalence classes of terms and 
atoms. This is not the case here. 
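The following Python program is an added example (not the paper's code) of the ordered literal replacement step $\to_{\mathcal{R}}$ just defined: it applies a rule $A_1 \to A_2$ to a clause by matching $A_1\sigma$ against a literal, builds the instantiated clause set $\mathrm{cl}(\mathcal{R})\sigma$, and checks by brute force that the old clause together with $\mathrm{cl}(\mathcal{R})\sigma$ propositionally implies the new one. The ordering $<$ is taken here to be the strict subterm ordering on the atoms' argument terms (an assumption of this example), which is what makes the rule $P(g(x)) \to P_g(x)$ ordered; the predicate name `P_g` for the fresh predicate $P_s$ and the clause $\neg R(x) \vee P(g(h(x)))$ are constructed for the example.

```python
"""Ordered literal replacement (Section 6), as an added example and not the
authors' code: rules A1 -> A2, the clause set cl(R), one ->_R step on a clause,
and the propositional check {C1} u cl(R)sigma |=_p C2.  The name 'P_g' for the
fresh predicate P_s is this example's own encoding."""
from itertools import product


def apply(term, sigma):
    """Apply substitution sigma (dict: variable -> term); variables are strings,
    applications are tuples (symbol, arg1, ...)."""
    if isinstance(term, str):
        return sigma.get(term, term)
    return (term[0],) + tuple(apply(a, sigma) for a in term[1:])


def match(pattern, term, sigma):
    """One-way matching: extend sigma so that pattern.sigma == term, else None."""
    if isinstance(pattern, str):
        if pattern in sigma:
            return sigma if sigma[pattern] == term else None
        sigma = dict(sigma)
        sigma[pattern] = term
        return sigma
    if isinstance(term, str) or pattern[0] != term[0] or len(pattern) != len(term):
        return None
    for p, t in zip(pattern[1:], term[1:]):
        sigma = match(p, t, sigma)
        if sigma is None:
            return None
    return sigma


def strict_subterm(s, t):
    """True iff s is a strict subterm of t."""
    return not isinstance(t, str) and any(a == s or strict_subterm(s, a) for a in t[1:])


def is_ordered(rule):
    """A rule A1 -> A2 is ordered iff A2 < A1.  Assumption of this example: < is
    the subterm ordering on the argument terms, under which the paper's rules
    P_{s1..sm-1}(s_m[x]) -> P_{s1..sm}(x) are ordered (x is a subterm of s_m[x])."""
    (p1, t1), (p2, t2) = rule
    return strict_subterm(t2, t1)


def cl(rules):
    """cl(R): for every A1 -> A2 the two clauses A1 v -A2 and -A1 v A2."""
    out = set()
    for (p1, t1), (p2, t2) in rules:
        out.add(frozenset({('+', p1, t1), ('-', p2, t2)}))
        out.add(frozenset({('-', p1, t1), ('+', p2, t2)}))
    return out


def replace(clause, rule):
    """One ->_R step: rewrite a literal +-A1.sigma of the clause into +-A2.sigma.
    Returns (new clause, instantiated rule clauses cl(R)sigma) or None if no
    literal of the clause is an instance of A1."""
    assert is_ordered(rule)
    (p1, t1), (p2, t2) = rule
    for sign, pred, term in clause:
        if pred != p1:
            continue
        sigma = match(t1, term, {})
        if sigma is not None:
            new = (clause - {(sign, pred, term)}) | {(sign, p2, apply(t2, sigma))}
            inst = cl([((p1, apply(t1, sigma)), (p2, apply(t2, sigma)))])
            return new, inst
    return None


def prop_implies(premises, conclusion):
    """Brute-force propositional entailment, each atom (pred, term) being a
    propositional variable; fine for the handful of atoms involved here."""
    atoms = sorted({(p, t) for c in premises | {conclusion} for _, p, t in c}, key=str)

    def holds(clause, val):
        return any(val[(p, t)] == (s == '+') for s, p, t in clause)

    for bits in product([False, True], repeat=len(atoms)):
        val = dict(zip(atoms, bits))
        if all(holds(c, val) for c in premises) and not holds(conclusion, val):
            return False
    return True


# Constructed input: rule P(g(x)) -> P_g(x) and the clause -R(x) v P(g(h(x))).
RULE = (('P', ('g', 'x')), ('P_g', 'x'))
C1 = frozenset({('-', 'R', 'x'), ('+', 'P', ('g', ('h', 'x')))})


def demo():
    """Replace P(g(h(x))) by P_g(h(x)) with sigma = {x -> h(x)} and verify
    {C1} u cl(R)sigma |=_p C2, the sense in which C2 is 'equivalent' to C1."""
    new, inst = replace(C1, RULE)
    return new, prop_implies({C1} | inst, new)
```

The check `prop_implies` is the justification the text gives for correctness: deleting $C_1$ loses nothing modulo $\mathrm{cl}(\mathcal{R})$. The `is_ordered` assertion in `replace` is the side condition that the text identifies as what keeps completeness, and `is_ordered` rejects the reversed rule $P_g(x) \to P(g(x))$.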

Next note that in the above resolution example, even if $f(s_1[x],\ldots,s_n[x])$ is non-ground, 
some $s_i$ may be ground. Hence the resolvent may have ground as well as 
non-ground literals. We avoided this in Section 3 by initial preprocessing. Now we 
may think of splitting these resolvents during the resolution procedure. This however 
will be difficult to simulate using the alternative resolution procedure on succinct 
representations of tableaux because we will generate doubly exponentially many 
one-variable clauses. To avoid this we use a variant of splitting called splitting-with-naming 
[15]. Instead of creating two branches after splitting, this rule puts both components 
into the same set, but with tags to simulate branches produced by ordinary 
splitting. Fix a finite set $\mathbf{P}$ of predicate symbols. $\mathbf{P}$-clauses are clauses whose predicates 
are all from $\mathbf{P}$. Introduce fresh zero-ary predicates $\overline{C}$ for $\mathbf{P}$-clauses $C$ modulo 
renaming, i.e. $\overline{C_1} = \overline{C_2}$ iff $C_1\sigma = C_2$ for some renaming $\sigma$. Literals $\pm\overline{C}$ 
for $\mathbf{P}$-clauses $C$ are splitting literals. The splitting-with-naming rule is defined as: 
$S \to_{nspl} (S \setminus \{C_1 \cup C_2\}) \cup \{C_1 \vee \neg\overline{C_2}, \overline{C_2} \vee C_2\}$ where $C_1 \cup C_2 \in S$, $C_2$ is 
non-empty and has only non-splitting literals, and $C_1$ has at least one non-splitting 
literal. Intuitively $\overline{C_2}$ represents the negation of $C_2$. We will use both splitting and 
splitting-with-naming according to some predefined strategy. Hence for a finite set $Q$ 
of splitting atoms, define $Q$-splitting as the restriction of the splitting-with-naming rule 
where the splitting atom produced is restricted to be from $Q$. Call this restricted relation 
$\to_{Q\text{-}nspl}$. This is extended to tableaux as usual. Now once we have generated 
the clauses $C_1 \vee \neg\overline{C_2}$ and $\overline{C_2} \vee C_2$ we would like to keep resolving on the second 
part of the second clause till we are left with the clause $\overline{C_2}$ (possibly with other positive 
splitting literals) which would then be resolved with the first clause to produce $C_1$ 
(possibly with other positive splitting literals) and only then the literals in $C_1$ would 
be resolved upon. Such a strategy cannot be ensured by ordered resolution, hence we 
introduce a new rule. An ordering $<$ over non-splitting atoms is extended to the ordering 
$<_s$ by letting $q <_s A$ whenever $q$ is a splitting atom and $A$ is a non-splitting atom, 
and $A <_s B$ whenever $A, B$ are non-splitting atoms and $A < B$. We define modified 
ordered binary resolution by the following rule: 

$$\frac{C_1 \vee A \qquad \neg B \vee C_2}{C_1\sigma \vee C_2\sigma}$$ 

where $\sigma = mgu(A, B)$ and the following conditions are satisfied: 

(1) $C_1$ has no negative splitting literal, and $A$ is maximal in $C_1$. 

(2) (a) either $B \in Q$, or 

    (b) $C_2$ has no negative splitting literal, and $B$ is maximal in $C_2$. 

As usual we rename the premises before resolution so that they don't share variables. 
This rule says that we must select a negative splitting literal to resolve upon in any 
clause, provided the clause has at least one such literal. If no such literal is present in the 
clause, then the ordering $<_s$ enforces that a positive splitting literal will not be selected 
as long as the clause has some non-splitting literal. We write $S \Rightarrow_{<_s} S \cup \{C\}$ to say 
that $C$ is obtained by one application of the modified binary ordered resolution or the 
(unmodified) ordered factorization rule on clauses in $S$. This is extended to tableaux 
as usual. A $Q$-splitting-replacement strategy is a function $\phi$ such that 
$\mathcal{T} \, (\to_{Q\text{-}nspl} \cup \to_{spl} \cup \to_{\mathcal{R}})^* \, \phi(\mathcal{T})$ for any tableau $\mathcal{T}$. Hence we allow both normal splitting 
and $Q$-splitting. Modified ordered resolution with $Q$-splitting-replacement strategy $\phi$ 
is defined by the relation: $S \Rightarrow_{<_s,\phi} \phi(\mathcal{T})$ whenever $S \cup \mathrm{cl}(\mathcal{R}) \Rightarrow_{<_s} \mathcal{T}$. This 
is extended to tableaux as usual. The above modified ordered binary resolution rule 
can be considered as an instance of ordered resolution with selection [2], which is 
known to be sound and complete even with splitting and its variants. Our manner of 
extending $<$ to $<_s$ is essential for completeness. We now show that soundness and 
completeness hold even under arbitrary ordered replacement strategies. It is not clear 
to the authors if such rules have been studied elsewhere. Wlog we forbid the useless 
case of replacement rules containing splitting symbols. The relation $<$ is enumerable 
if the set of all ground atoms can be enumerated as $A_1, A_2, \ldots$ such that if $A_i < A_j$ 
then $i < j$. The subterm ordering is enumerable. 

Theorem 4 Modified ordered resolution, wrt a stable and enumerable ordering, with 
splitting and $Q$-splitting and ordered literal replacement is sound and complete for 
any strategy. I.e. for any set $S$ of $\mathbf{P}$-clauses, for any strict stable and enumerable 
partial order $<$ on atoms, for any set $\mathcal{R}$ of ordered replacement rules, for any finite 
set $Q$ of splitting atoms, and for any $Q$-splitting-replacement strategy $\phi$, $S \cup \mathrm{cl}(\mathcal{R})$ is 
unsatisfiable iff $S \Rightarrow^*_{<_s,\phi} \mathcal{T}$ for some closed $\mathcal{T}$. 

Proof: See Appendix E. 

For the rest of this section fix a set $S$ of one-variable $\mathbf{P}$-clauses and complex $\mathbf{P}$-clauses 
whose satisfiability we need to decide. Let $\mathrm{Ng}$ be the set of non-ground 
terms occurring as arguments in literals in the one-variable clauses of $S$. We rename 
all terms in $\mathrm{Ng}$ to contain only the variable $x_{r+1}$. Wlog assume $x_{r+1} \in \mathrm{Ng}$. 
Let $\mathrm{Ngs}$ be the set of non-ground subterms of terms in $\mathrm{Ng}$, and $\mathrm{Ngr} = \{s[x_{r+1}] \mid$ 
$s$ is non-ground and reduced, and for some $t$, $s[t] \in \mathrm{Ngs}\}$. Define $\mathrm{Ngrr} = \{s_1[\ldots[s_m]\ldots] \mid$ 
$s_1[\ldots[s_n]\ldots] \in \mathrm{Ngs}$, $m \le n$, and each $s_i$ is non-trivial and reduced$\}$. Define 
the set of predicates $\mathbf{Q} = \{P_s \mid P \in \mathbf{P}, s \in \mathrm{Ngrr}\}$. Note that $\mathbf{P} \subseteq \mathbf{Q}$. Define 
the set of replacement rules $\mathcal{R} = \{P_{s_1 \ldots s_{m-1}}(s_m[x_{r+1}]) \to P_{s_1 \ldots s_m}(x_{r+1}) \mid P_{s_1 \ldots s_m} \in \mathbf{Q}\}$. 
They are clearly ordered wrt $<$. Let $G$ be the set of ground subterms 
of terms occurring as arguments in literals in $S$. Define the set $Q_0 = \{\overline{P(t)} \mid P \in \mathbf{P}, t \in G\}$ 
of splitting atoms. Their purpose is to remove ground literals from 
a non-ground clause. All sets defined above have polynomial size. Let $Q \supseteq Q_0$ 
be any set of splitting atoms. For dealing with the class $\mathcal{C}$ we only need $Q = Q_0$, 
but for a more precise analysis of the Horn fragment in the next section, we need $Q$ 
to also contain some other splitting atoms. We also need the set $\mathrm{Ngr}_1 = \{x_{r+1}\} \cup$ 
$\{f(s_1,\ldots,s_n) \mid \exists g(t_1,\ldots,t_m) \in \mathrm{Ngr} \cdot \{s_1,\ldots,s_n\} = \{t_1,\ldots,t_m\}\}$ which has 
exponential size. These terms are produced by resolution of non-ground one-variable 
clauses with complex clauses, and are also reduced. In the ground case we have the 
set $G_1 = \{f(s_1,\ldots,s_n) \mid \exists g(t_1,\ldots,t_m) \in G \cdot \{s_1,\ldots,s_n\} = \{t_1,\ldots,t_m\}\}$ of 
exponential size. For a set $\mathbf{P}'$ of predicates and a set $U$ of terms, the set $\mathbf{P}'[U]$ of atoms 
is defined as usual. For a set $V$ of atoms the sets $\neg V$ and $\pm V$ of literals are defined as 
usual. The following types of clauses will be required during resolution: 

(C1) clauses $C \vee D$, where $C$ is an e-block with predicates from $\mathbf{Q}$, and $D \subseteq \pm Q$. 

(C2) clauses $C \vee D$ where $C$ is a renaming of a one-variable clause with literals from 
$\pm\mathbf{Q}(\mathrm{Ngr}_1)$, $C$ has at least one non-trivial literal, and $D \subseteq \pm Q$. 

(C3) clauses $C \vee D$ where $C$ is a non-empty clause with literals from $\pm\mathbf{Q}(\mathrm{Ngr}_1[\mathrm{Ngrr}[G_1]])$, 
and $D \subseteq \pm Q$. 

(C4) clauses $C \vee D$ where $C = \bigvee_i \pm_i P_i(f_i(x^i_1,\ldots,x^i_{n_i})) \vee \bigvee_j \pm_j Q_j(x_j)$ is a 
complex clause with each $P_i \in \mathbf{Q}$, each $n_i \ge 2$, each $Q_j \in \mathbf{P}$ and $D \subseteq \pm Q$. 

We have already argued why we need splitting literals in the above clauses, and why 
we need $\mathrm{Ngr}_1$ instead of $\mathrm{Ngr}$ in type C2. In type C3 we have $\mathrm{Ngrr}$ in place of the set 
$\mathrm{Ngs}$ that we had in Section 3, to take care of interactions between one-variable clauses 
and complex clauses. In type C4 the trivial literals involve predicates only from $\mathbf{P}$ (and 
not $\mathbf{Q}$). This is what ensures that we need only finitely many fresh predicates (those 
from $\mathbf{Q} \setminus \mathbf{P}$), because these are the literals that are involved in replacements when this 
clause is resolved with a one-variable clause. We have also required that each $n_i \ge 2$. 
This is only to ensure that types C2 and C4 are disjoint. The clauses that are excluded 
because of this condition are necessarily of type C2. 

The $Q_0$-splitting steps that we use in this section consist of replacing a tableau 
$\mathcal{T} \mid S$ by the tableau $\mathcal{T} \mid (S \setminus \{C \vee L\}) \cup \{C \v
ee \neg\overline{L}, \overline{L} \vee L\}$, where $C$ is non-ground, 
$L \in \pm\mathbf{P}(G)$ and $C \vee L \in S$. The replacement steps we are going to use are of the 
following kind: 

(1) replacing clause $C_1[x] = C \vee \pm P(t_1[\ldots[t_n[s[x]]]\ldots])$ by clause $C_2[x] = C \vee$ 
$\pm P_{t_1 \ldots t_n}(s[x])$ where $P \in \mathbf{P}$, $s[x_{r+1}] \in \mathrm{Ngr}$ is non-trivial, and $t_1[\ldots[t_n]\ldots] \in$ 
$\mathrm{Ngrr}$. We have $\{C_1[x_{r+1}]\} \cup \mathrm{cl}(\mathcal{R})[\mathrm{Ngrr}] \models_p C_2[x_{r+1}]$. 

(2) replacing ground clause $C_1 = C \vee \pm P(t_1[\ldots[t_n[g]]\ldots])$ by clause $C_2 = C \vee$ 
$\pm P_{t_1 \ldots t_n}(g)$ where $P \in \mathbf{P}$, $g \in \mathrm{Ngrr}[G_1]$ and $t_1[\ldots[t_n]\ldots] \in \mathrm{Ngrr}$. This replacement 
is done only when $t_1[\ldots[t_n[g]]\ldots] \in \mathrm{Ngrr}[\mathrm{Ngrr}[G_1]] \setminus \mathrm{Ngr}_1[\mathrm{Ngrr}[G_1]]$. We have 
$\{C_1\} \cup \mathrm{cl}(\mathcal{R})[\mathrm{Ngrr}[\mathrm{Ngrr}[G_1]]] \models_p C_2$. 

Define the $Q_0$-splitting-replacement strategy $\phi$ as one which repeatedly applies first 
e-splitting, then the above $Q_0$-splitting steps, then the above two replacement steps till 
no further change is possible. Then $\Rightarrow_{<_s,\phi}$ gives us a sound and complete method 
for testing unsatisfiability. 

As in Section 5 we now define a succinct representation of tableaux and an alternative 
resolution procedure for them. As we said, a literal $\overline{L} \in Q_0$ represents $\neg L$. Hence 
for a clause $C$ we define $C_{-}$ as the clause obtained by replacing every $\pm\overline{L}$ by the literal 
$\mp L$. This is extended to sets of clauses as usual. Observe that if $S \models_p C$ then $S_{-} \models_p C_{-}$. 
As before $U = \{f(x_1,\ldots,x_n) \mid f \in \Sigma, \text{ and each } x_i \in X_r\}$. The functions $\mathrm{eps}$ and 
$\mathrm{comp}$ of Section 5 are now modified to return clauses of type C1 and C4 respectively. 
For a set $S$ of clauses, define $\mathrm{ov}(S)$ as the set of clauses of type C2 in $S$ and $\mathrm{gr}(S)$ as 
the set of clauses of type C3 in $S$. The function $\pi$ 
is as before. We need to define which kinds of instantiations are to be used to generate 
propositional implications. For a clause $C$, define 

$\mathrm{I}_1(C) = C[U[\mathrm{Ngrr} \cup \mathrm{Ngrr}[\mathrm{Ngrr}[G_1]]]] \cup C[\mathrm{Ngr}_1] \cup C[\mathrm{Ngr}_1[\mathrm{Ngrr}[G_1]]]$ 

$\mathrm{I}_2(C) = \{C[x_{r+1}]\} \cup C[\mathrm{Ngrr}[G_1]]$ 

$\mathrm{I}_3(C) = \{C\}$ 

$\mathrm{I}_4(C) = \pi(C) \cup C[\mathrm{Ngrr} \cup \mathrm{Ngrr}[\mathrm{Ngrr}[G_1]]]$ 

The instantiations defined by $\mathrm{I}_i$ are necessary for clauses of type C$i$. Observe that 
$C[U] \subseteq \mathrm{I}_1(C)$. For a set $S$ of clauses, define $\mathrm{I}_i(S) = \bigcup_{C \in S} \mathrm{I}_i(C)$. For a set $S$ of 
clauses of type C1-C4 define $\mathrm{I}(S) = \mathrm{I}_1(\mathrm{eps}(S)) \cup \mathrm{I}_2(\mathrm{ov}(S)) \cup \mathrm{I}_3(\mathrm{gr}(S)) \cup \mathrm{I}_4(\mathrm{comp}(S)) \cup$ 
$\mathrm{cl}(\mathcal{R})[\mathrm{Ngrr} \cup \mathrm{Ngrr}[\mathrm{Ngrr}[G_1]]]$. Note that instantiations of clauses in $\mathrm{cl}(\mathcal{R})$ are necessary 
for the replacement rules, as argued above. For a set $T$ of clauses define the following 
properties: 

• $C$ satisfies property $\mathrm{P1}_T$ iff $C[x_{r+1}] \in T$. 

• $C$ satisfies property $\mathrm{P2}_T$ iff $\mathrm{I}(T) \models_p \mathrm{I}_2(C)$. 

• $C$ satisfies property $\mathrm{P3}_T$ iff $\mathrm{I}(T) \models_p \mathrm{I}_3(C)$. 

• $C$ satisfies property $\mathrm{P4}_T$ iff $\mathrm{I}(T) \models_p \mathrm{I}_4(C)$. 

For sets of clauses $S$ and $T$, define $S \sqsubseteq T$ to mean that every $C \in S$ is of type 
C$i$ and satisfies property $\mathrm{P}i_T$ for some $1 \le i \le 4$. This is extended to tableaux as 
usual. We first consider the effect of one step of the above resolution procedure without 
splitting. Accordingly let $\phi_0$ be the variant of $\phi$ which applies replacement rules and 
$Q_0$-splitting, but no e-splitting. 

Lemma 10 Let $S$ be a set of clauses of type C1-C4. If $S \Rightarrow_{<_s,\phi_0} S'$ then one of the 
following statements holds. 

• $S' \sqsubseteq S$ 

• $S' = S \cup \{C\} \cup S''$, $C$ is a renaming of $B_1[x_{i_1}] \cup \ldots \cup B_k[x_{i_k}] \cup D$, each $B_i$ is 
an e-block, $1 \le i_1,\ldots,i_k \le r$, $D \subseteq \pm Q$, $\mathrm{I}(S) \models_p C$, and $S''$ is a set of clauses 
of type C3 with $\models_p S''_{-}$. If $k \ge 2$ then $D$ has no literals $\neg q$ with $q \in Q \setminus Q_0$. 

Proof: The set $S''$ in the second statement will contain the clauses $\overline{L} \vee L$ added by 
$Q_0$-splitting, while $C$ will be the clause produced by binary resolution or factoring, 
possibly followed by applications of replacement rules and by replacement of ground 
literals $L$ by $\neg\overline{L}$. Hence $S'' = \emptyset$ in all cases except when we need to perform $Q_0$-splitting. 

First we consider resolution steps where splitting literals are resolved upon. A 
positive splitting literal cannot be chosen to resolve upon in a clause unless the clause 
has no literals other than positive splitting literals. Hence this clause is $C_1 = q \vee q_1 \vee \ldots \vee q_m$, 
of type C1. The other clause must be $C_2 = C_2' \vee \neg q$ of type C$i$ for some 
$1 \le i \le 4$. Resolution produces the clause $C = C_2' \vee q_1 \vee \ldots \vee q_m$ of type C$i$, and no 
replacement or splitting rules apply. We have $\{C_1, C_2\} \models_p C$ and $\{C_1, C_2\}_{-} \models_p C_{-}$. 
Hence $\mathrm{I}(S) \supseteq \{C_1\} \cup \mathrm{I}_i(C_2) \models_p \mathrm{I}_i(C)$. If $i = 1$ then the second statement of the lemma 
holds, $C$ being of the required form with $k = 1$. If $i > 1$ then the first statement holds. 

Now we consider binary resolution steps where no splitting literals are resolved 
upon. This is possible only when no negative splitting literals are present in the 
premises. Then the resolvent has no negative splitting literals. $Q_0$-splitting may create 
negative splitting literals, but none of them are from $Q \setminus Q_0$. Hence the last part of 
the second statement of the lemma is always true. In the following $D, D_1, \ldots$ denote 
subsets of $Q_0$. When we write $C \vee D$, it is implicit that $C$ has no splitting literals. We 
have the following cases: 

1. We do resolution between two clauses $C_1$ and $C_2$ from $S$, both of type C1, and 
the resolvent $C$ is of type C1. Hence no splitting or replacement rules apply, 
$S' = S \cup \{C\}$, $\mathrm{I}(S) \supseteq \{C_1[x_{r+1}], C_2[x_{r+1}]\} \models_p C[x_{r+1}]$. Hence the second 
statement holds. 

2. We do resolution between a clause $C_1[x_{r+1}] = C_1'[x_{r+1}] \vee D_1 \vee \pm P(x_{r+1})$, 
of type C1, and a clause $C_2[x_{r+1}] = \mp P(t[x_{r+1}]) \vee C_2'[x_{r+1}] \vee D_2$, of type 
C2, both from $S$ up to renaming, and the resolvent is $C[x_{r+1}] = C_1'[t[x_{r+1}]] \vee$ 
$C_2'[x_{r+1}] \vee D_1 \vee D_2$. By ordering constraints $t[x_{r+1}] \in \mathrm{Ngr}_1$ is non-trivial. All 
literals in $C_1'[t[x_{r+1}]] \vee C_2'[x_{r+1}]$ are of the form $\pm' Q(t'[x_{r+1}])$ with $t'[x_{r+1}] \in$ 
$\mathrm{Ngr}_1$. Hence no splitting or replacement rules apply and $S' = S \cup \{C\}$. $C_1[\mathrm{Ngr}_1] \cup$ 
$\{C_2[x_{r+1}]\} \models_p C[x_{r+1}]$. Hence $\mathrm{I}(S) \supseteq \mathrm{I}_1(C_1) \cup \mathrm{I}_2(C_2) \supseteq C_1[\mathrm{Ngr}_1] \cup C_1[$ 
$\mathrm{Ngr}_1[\mathrm{Ngrr}[G_1]]] \cup \{C_2[x_{r+1}]\} \cup C_2[\mathrm{Ngrr}[G_1]] \models_p \{C[x_{r+1}]\} \cup C[\mathrm{Ngrr}[G_1]] =$ 
$\mathrm{I}_2(C[x_{r+1}])$. If $C_1'$ is non-empty or $C_2'$ has some non-trivial literal then $C[x_{r+1}]$ 
is of type C2, $S' \sqsubseteq S$ and the first statement holds. If $C_1'$ is empty and $C_2'$ has 
only trivial literals, then $C$ is of type C1 and the second statement holds. 

3. We do resolution between a clause $C_1[x_{r+1}] = C_1'[x_{r+1}] \vee D_1 \vee \pm P(x_{r+1})$ 
of type C1, and a clause $C_2 = \mp P(t) \vee C_2' \vee D_2$ of type C3, both from $S$ 
up to renaming, and the resolvent is $C = C_1'[t] \vee C_2' \vee D_1 \vee D_2$. We know 
that $t \in \mathrm{Ngr}_1[\mathrm{Ngrr}[G_1]]$. Hence no splitting or replacement rules apply, and 
$S' = S \cup \{C\}$. $\{C_1[t], C_2\} \models_p C$. Hence $\mathrm{I}(S) \supseteq \mathrm{I}_1(C_1[x_{r+1}]) \cup \mathrm{I}_3(C_2) \supseteq$ 
$C_1[\mathrm{Ngr}_1[\mathrm{Ngrr}[G_1]]] \cup \{C_2\} \models_p \mathrm{I}_3(C) = \{C\}$. If $C_1'$ or $C_2'$ is non-empty, then 
$C$ is of type C3, $S' \sqsubseteq S$ and the first statement holds. If $C_1'$ and $C_2'$ are 
empty then $C$ is of type C1 and the second statement holds. 

4. We do resolution between a clause $C_1[x_{r+1}] = C_1'[x_{r+1}] \vee D_1 \vee \pm P(x_{r+1})$ of 
type C1, and a clause $C_2[x_1,\ldots,x_r] = \mp P(f(x_1,\ldots,x_n)) \vee C_2'[x_1,\ldots,x_r] \vee D_2$ 
of type C4, both from $S$ up to renaming, and the resolvent is $C[x_1,\ldots,x_r] =$ 
$C_1'[f(x_1,\ldots,x_n)] \vee C_2'[x_1,\ldots,x_r] \vee D_1 \vee D_2$. (By ordering constraints we 
have chosen a non-trivial literal from $C_2$ for resolution.) No splitting or replacement 
rules apply and $S' = S \cup \{C\}$. We have $C_1[U] \cup \{C_2[x_1,\ldots,x_r]\} \supseteq$ 
$\{C_1[f(x_1,\ldots,x_n)], C_2[x_1,\ldots,x_r]\} \models_p C[x_1,\ldots,x_r]$. Hence $C_1[U] \cup \pi(C_2[x_1,\ldots,x_r]) \models_p \pi(C[x_1,\ldots,x_r])$ 
and $C_1[U[\mathrm{Ngrr} \cup \mathrm{Ngrr}[\mathrm{Ngrr}[G_1]]]] \cup C_2[\mathrm{Ngrr} \cup \mathrm{Ngrr}[\mathrm{Ngrr}[G_1]]] \models_p C[\mathrm{Ngrr} \cup \mathrm{Ngrr}[\mathrm{Ngrr}[G_1]]]$. 
Hence $\mathrm{I}(S) \supseteq \mathrm{I}_1(C_1) \cup \mathrm{I}_4(C_2) \models_p \mathrm{I}_4(C)$. 

  • Suppose $C_1'$ is non-empty or $C_2'$ has some non-trivial literal. Then $C$ is of 
type C4: the only trivial literals in $C[x_1,\ldots,x_r]$ are those in $C_2'[x_1,\ldots,x_r]$ 
and hence they involve predicates from $\mathbf{P}$. Hence the first statement holds. 

  • Suppose $C_1'$ is empty and $C_2'$ has only trivial literals. Then $C[x_1,\ldots,x_r] =$ 
$B_1[x_{i_1}] \cup \ldots \cup B_k[x_{i_k}] \vee D_1 \vee D_2$ where $1 \le i_1,\ldots,i_k \le r$, and each $B_i$ 
is an e-block. The second statement holds. 

5. We do resolution between a clause $C_1[x_{r+1}] = C_1'[x_{r+1}] \vee D_1 \vee \pm P(s[x_{r+1}])$ 
and a clause $C_2[x_{r+1}] = \mp P(t[x_{r+1}]) \vee C_2'[x_{r+1}] \vee D_2$, both of type C2, 
and both from $S$ up to renaming, and the resolvent is $C[x_{r+1}] = C_1'[x_{r+1}]\sigma \vee$ 
$C_2'[x_{r+2}]\sigma \vee D_1 \vee D_2$ where $\sigma = mgu(s[x_{r+1}], t[x_{r+2}])$ (we renamed the second 
clause before resolution). We know that $s[x_{r+1}], t[x_{r+1}] \in \mathrm{Ngr}_1$, and by 
ordering constraints both $s$ and $t$ are non-trivial. By Lemma 2 one of the following 
cases holds: 

  • $x_{r+1}\sigma = x_{r+2}\sigma = x_{r+1}$. $C[x_{r+1}] = C_1'[x_{r+1}] \vee C_2'[x_{r+1}] \vee D_1 \vee D_2$. Hence 
no splitting or replacement rules apply and $S' = S \cup \{C\}$. We have 
$\{C_1[x_{r+1}], C_2[x_{r+1}]\} \models_p C[x_{r+1}]$. Hence $\mathrm{I}_2(C_1[x_{r+1}]) \cup \mathrm{I}_2(C_2[x_{r+1}]) \models_p$ 
$\mathrm{I}_2(C[x_{r+1}]) \ni C[x_{r+1}]$. If $C_1'$ or $C_2'$ contains some non-trivial literal then 
$C[x_{r+1}]$ is of type C2 and the first statement holds. If $C_1'$ and $C_2'$ contain 
only trivial literals then $C$ is of type C1 and the second statement holds. 

  • $x_{r+1}\sigma, x_{r+2}\sigma \in \mathrm{Ngrr}[G] \subseteq \mathrm{Ngrr}[G_1]$. Then every literal in $C[x_{r+1}]$ is of 
the form $\pm' Q(u)$ with $u \in \mathrm{Ngr}_1[\mathrm{Ngrr}[G_1]]$. No splitting or replacement 
rules apply and $S' = S \cup \{C\}$. $\mathrm{I}(S) \supseteq C_1[\mathrm{Ngrr}[G_1]] \cup C_2[\mathrm{Ngrr}[G_1]] \models_p$ 
$\{C\} = \mathrm{I}_3(C)$. If $C_1'$ or $C_2'$ is non-empty then $C$ is of type C3 and the 
first statement holds. If $C_1'$ and $C_2'$ are empty then $C$ is of type C1 and the 
second statement holds. 

6. We do resolution between a clause $C_1[x_{r+1}] = C_1'[x_{r+1}] \vee D_1 \vee \pm P(s[x_{r+1}])$ 
of type C2, and a ground clause $\mp P(t) \vee C_2' \vee D_2$ of type C3, both from $S$ up to 
renaming, and the resolvent is $C = C_1'[x_{r+1}]\sigma \vee C_2' \vee D_1 \vee D_2$ where $\sigma$ is a 
unifier of $s[x_{r+1}]$ and $t$. We know that $s[x_{r+1}] \in \mathrm{Ngr}_1$, $t \in \mathrm{Ngr}_1[\mathrm{Ngrr}[G_1]]$, and 
by ordering constraints, $s$ is non-trivial. We have the following cases: 

  • $t \in G_1$. Then $x_{r+1}\sigma$ is a strict subterm of $t$, hence $x_{r+1}\sigma \in G \subseteq \mathrm{Ngrr}[G_1]$. 

  • $t \in \mathrm{Ngr}_1[\mathrm{Ngrr}[G_1]] \setminus G_1$. Hence we have $t = t_1[t']$ for some non-trivial 
$t_1[x_{r+1}] \in \mathrm{Ngr}_1$ and some $t' \in \mathrm{Ngrr}[G_1]$. Let $s' = x_{r+1}\sigma$. As $s[s'] =$ 
$t_1[t']$ hence $s[x_{r+1}]$ and $t_1[x_{r+2}]$ have a unifier $\sigma_1 = \{x_{r+1} \mapsto s', x_{r+2} \mapsto t'\}$. 
From Lemma 2 one of the following is true: 

    - $s[x_{r+1}] = t_1[x_{r+1}]$. Hence we have $x_{r+1}\sigma = s' = t' \in \mathrm{Ngrr}[G_1]$. 

    - $x_{r+1}\sigma_1, x_{r+2}\sigma_1 \in \mathrm{Ngrr}[G] \subseteq \mathrm{Ngrr}[G_1]$. Hence $s' \in \mathrm{Ngrr}[G_1]$. 

In each case we have $x_{r+1}\sigma = s' \in \mathrm{Ngrr}[G_1]$. Hence all literals in $C_1[x_{r+1}]\sigma$ 
are of the form $\pm Q(t)$ with $t \in \mathrm{Ngr}_1[\mathrm{Ngrr}[G_1]]$. All literals in $C_2'$ are of the form 
$\pm' Q(t)$ with $t \in \mathrm{Ngr}_1[\mathrm{Ngrr}[G_1]]$. Hence no splitting or replacement rules apply 
and $S' = S \cup \{C\}$. $\mathrm{I}(S) \supseteq \mathrm{I}_2(C_1[x_{r+1}]) \cup \mathrm{I}_3(C_2) \supseteq C_1[\mathrm{Ngrr}[G_1]] \cup \{C_2\} \models_p$ 
$\{C\} = \mathrm{I}_3(C)$. If $C_1'$ or $C_2'$ is non-empty then $C$ is of type C3 and the first 
statement holds. If $C_1'$ and $C_2'$ are empty then $C$ is of type C1 and the second 
statement holds. 

7. We do resolution between a clause Ci[x,.+i] = C([xr+i] VDi V±P(.s[x,,+i]) of 
type C2, and a clause C2[xi, . . . , x^] = ^P(/(a;i, . . . , a;„)) V [xi, . . . , x^] V 
D2 of type C4, both from 5 upto renaming, and ±P(s[xr+i]) and ^P{f{xi, 
. . . , x„)) are the literals resolved upon from the respective clauses. (By ordering 
constraints we have chosen a non-trivial literal to resolve upon in the second 
clause). By ordering constraints s[xr+i] G Ngri is non-trivial. Hence we have 
the following two cases for s[x,.-(_i] = /(si[xr+i], . . . , s„[xr+i]). 

• Wehavesomel < i,j < nsuchthatXi = a::^ but Si[xr+i] 7^ Sj[x,.-|_i]. By 
Lemma|31 the only possible unifier of the terms s[x,,_|_i] and f{xi , . . . , x„) 
is a such that x,.+i(t = .9 is a ground subterm of Sj or sj and Xk<7 = 
Sk[g] for 1 < fc < n. As s[xr+i] G Ngri, we have g G G and each 
s/j[xr+i] € Ngrr U G. Hence Xr+icr G G and each Xkcr G Ngrr[G] U 
G C Ngrr[Gi]. The resolvent C C[[xr+i]cT U Caixi, . . . ,Xr]cr V Di V 
D2 is ground. Each literal in C([xr+i](T is of the form ±'Q(t) with t G 
Ngri[G] C Ngri[Ngrr[Gi]]. Each literal in C2[xi, . . . ,Xr](J is of the form 
±'Q{t) where the following cases can arise: 

-t = f'{xi^,. . . ,Xi,^)a such that {xii a:;i,„ } = {xi, . . . , a;„}. 
Thent = /'(s,,,...,s,„J[g] G Ngri[Gi] C Ngri[Ngrr[Gi]]. 

- t = Xkcr G Ngrr[Gi] C Ngri[Ngrr[Gi]] for some 1 < fc < n, where 
the literal :^'Q{xk) is from C2. 

We conclude that all non-splitting literals in C are of the form ±'Q{t) with 
t G Ngri[Ngrr[Gi]], and no splitting or replacement rules apply. We have 
S' = Sy^{C}. \[S) D l2(Ci[x,+i])Ul4(C^[xi, . . . ,x,]) D Ci[Ngrr[Gi]]U 
C^[Ngrr[Gi]] l=p {C} = 13(C). lfC( orC^is non-empty then C is of type 
C3, and the first statement holds. If and C2 are empty then C of type 
CI and the second condition holds. 

• For all $1 \le i, j \le n$, if $x_i = x_j$ then $s_i[x_{r+1}] = s_j[x_{r+1}]$. Then $s[x_{r+1}]$ and $f(x_1, \ldots, x_n)$ have mgu $\sigma$ such that $x_k\sigma = s_k[x_{r+1}] \in \mathrm{Ngr}_r \cup G$ for $1 \le k \le n$ and $x\sigma = x$ for $x \notin \{x_1, \ldots, x_n\}$. The resolvent $C[x_{r+1}] = C_1'[x_{r+1}] \vee C_2'\sigma \vee D_1 \vee D_2$ is a one-variable clause. $\{C_1[x_{r+1}]\} \cup C_2[\mathrm{Ngr}_r \cup G] \models_p C[x_{r+1}]$. All literals in $C_1'[x_{r+1}]$ are of the form $\pm' Q(t)$ with $t \in \mathrm{Ngr}_1$, and no replacement rules apply on them. All literals in $C_2'[x_1, \ldots, x_r]\sigma$ are of the form $\pm' Q(t[x_{r+1}])$ where the following cases can arise: 

  - $t[x_{r+1}] = f'(x_{i_1}, \ldots, x_{i_m})\sigma$ such that $\{x_{i_1}, \ldots, x_{i_m}\} = \{x_1, \ldots, x_n\}$. Then $t[x_{r+1}] \in \mathrm{Ngr}_1$. No replacement rules apply on such a literal. 

  - $t[x_{r+1}] = x_k\sigma = s_k[x_{r+1}] \in \mathrm{Ngr}_r$ for some $1 \le k \le n$, where the literal $\pm' Q(x_k)$ is from $C_2'$. Hence we must have $Q \in P$. Let $s_k[x_{r+1}] = t_1[\ldots[t_p[x_{r+1}]]\ldots]$ for some $p \ge 1$ where each $t_i[x_{r+1}] \in \mathrm{Ngr}$ is non-trivial and reduced. Such a literal is replaced by the literal $\pm' Q_{t_1 \ldots t_{p-1}}(t_p[x_{r+1}])$ and we know that $t_p \in \mathrm{Ngr} \subseteq \mathrm{Ngr}_1$. This new clause is obtained by propositional resolution between the former clause and clauses from $\mathrm{cl}(\mathcal{R})[\mathrm{Ngr}_r]$. 

  - $t[x_{r+1}] = x_k\sigma = s_k \in G$ for some $1 \le k \le n$, where the literal $\pm' Q(x_k)$ is from $C_2'$. Hence we must have $Q \in P$. No replacement rules apply on such a literal. If $C$ contains only ground literals then this literal is left unchanged. Otherwise we perform $Q_0$-splitting and this literal is replaced by the literal $-\langle \pm' Q(s_k) \rangle$ (writing $\langle L \rangle$ for the splitting atom that names the literal $L$) and also a new clause $C'' = \langle \pm' Q(s_k) \rangle \vee \pm' Q(s_k)$ of type C3 is added to $S$. If $C'$ is the new clause obtained by this splitting then $C'_-$ is clearly propositionally equivalent to the former clause. Also $\mp' Q(s_k) \vee \pm' Q(s_k)$ is a propositionally valid statement. 

We conclude that after zero or more replacement and splitting rules, we obtain a clause $C'[x_{r+1}]$, together with a set $S''$ of clauses of type C3, $\{C_-[x_{r+1}]\} \cup \mathrm{cl}(\mathcal{R})[\mathrm{Ngr}_r] \models_p \{C'_-[x_{r+1}]\}$, $\models_p S''_-$, and $S' = S \cup \{C'\} \cup S''$. $\{C_1[x_{r+1}]\} \cup C_2[\mathrm{Ngr}_r \cup G] \cup \mathrm{cl}(\mathcal{R})[\mathrm{Ngr}_r] \models_p C'_-[x_{r+1}]$. Hence $I(S) \supseteq I_2(C_1) \cup I_4(C_2) \supseteq \{C_1[x_{r+1}]\} \cup C_1[\mathrm{Ngr}_r[G_1]] \cup C_2[\mathrm{Ngr}_r \cup \mathrm{Ngr}_r[\mathrm{Ngr}_r[G_1]]] \cup \mathrm{cl}(\mathcal{R})[\mathrm{Ngr}_r] \cup \mathrm{cl}(\mathcal{R})[\mathrm{Ngr}_r[\mathrm{Ngr}_r[G_1]]] \models_p I_2(C') \cup I_3(S'') = C'_-[x_{r+1}] \cup C'_-[\mathrm{Ngr}_r[G_1]] \cup S''_-$. If $C'$ is of type C2 or C3 then the first statement holds. Otherwise $C'$ is of type C1 and the second statement holds.

8. We do resolution between a clause $C_1 = C_1' \vee D_1 \vee \pm P(s)$ and a clause $C_2 = \mp P(s) \vee C_2' \vee D_2$, both ground clauses of type C3 from $S$, and the resolvent is $C = C_1' \vee C_2' \vee D_1 \vee D_2$. No replacement or splitting rules apply and we have $S' = S \cup \{C\}$. $I(S) \supseteq \{C_1, C_2\} \models_p I_3(C) = \{C\}$. If $C_1'$ or $C_2'$ is non-empty then $C$ is of type C3, and the first statement holds. If $C_1'$ and $C_2'$ are empty then $C$ is of type C1 and the second statement holds.

9. We do resolution between a ground clause $C_1 = C_1' \vee D_1 \vee \pm P(s)$ of type C3, and a clause $C_2[x_1, \ldots, x_r] = \mp P(f(x_1, \ldots, x_n)) \vee C_2'[x_1, \ldots, x_r] \vee D_2$ of type C4, both from $S$ up to renaming, and $\pm P(s)$ and $\mp P(f(x_1, \ldots, x_n))$ are the literals resolved upon from the respective clauses. We know that $s \in \mathrm{Ngr}_1[\mathrm{Ngr}_r[G_1]]$. Hence we have the following two cases for $s$.

• $s \in \mathrm{Ngr}_1[\mathrm{Ngr}_r[G_1]] \setminus G_1$. Hence $s$ must be of the form $f(s_1, \ldots, s_n)[g]$ for some $f(s_1, \ldots, s_n) \in \mathrm{Ngr}_1$ and some $g \in \mathrm{Ngr}_r[G_1]$ (the symbol $f$ is the same as in the literal $\mp P(f(x_1, \ldots, x_n))$, otherwise this resolution step would not be possible). We have each $s_i \in \mathrm{Ngr}_r \cup G$. The mgu $\sigma$ of $s$ and $f(x_1, \ldots, x_n)$ is such that $x_i\sigma = s_i[g] \in \mathrm{Ngr}_r[\mathrm{Ngr}_r[G_1]]$. The resolvent $C = C_1' \vee C_2'[x_1, \ldots, x_r]\sigma \vee D_1 \vee D_2$ is a ground clause. All literals in $C_1'$ are of the form $\pm' Q(t)$ with $t \in \mathrm{Ngr}_1[\mathrm{Ngr}_r[G_1]]$ hence no replacement rules apply on them. The literals in $C_2'[x_1, \ldots, x_r]\sigma$ are of the form $\pm' Q(t)$ where the following cases are possible: 

  - $t = f'(x_{i_1}, \ldots, x_{i_m})\sigma$ where $\{x_{i_1}, \ldots, x_{i_m}\} = \{x_1, \ldots, x_n\}$. Then $f'(s_{i_1}, \ldots, s_{i_m}) \in \mathrm{Ngr}_1$. Hence $t \in \mathrm{Ngr}_1[\mathrm{Ngr}_r[G_1]]$. No replacement rules apply on such a literal. 

  - $t = x_i\sigma \in \mathrm{Ngr}_r[\mathrm{Ngr}_r[G_1]]$ for some $1 \le i \le n$. If $t \in \mathrm{Ngr}_1[\mathrm{Ngr}_r[G_1]]$ then no replacement rules apply on this literal. Otherwise suppose $t \in \mathrm{Ngr}_r[\mathrm{Ngr}_r[G_1]] \setminus \mathrm{Ngr}_1[\mathrm{Ngr}_r[G_1]]$. We have $t = t_1[\ldots[t_p[t']]\ldots]$ for some reduced non-trivial non-ground terms $t_1, \ldots, t_p \in \mathrm{Ngr}$ with $p \ge 1$ such that $t_1[\ldots[t_p]\ldots] \in \mathrm{Ngr}_r$ and $t' \in \mathrm{Ngr}_r[G_1]$, and the replacement strategy replaces this literal by the literal $\pm' Q_{t_1 \ldots t_{p-1}}(t_p[t'])$, and we know that $t_p \in \mathrm{Ngr} \subseteq \mathrm{Ngr}_1$ so that $t_p[t'] \in \mathrm{Ngr}_1[\mathrm{Ngr}_r[G_1]]$. This new clause can be obtained by propositional resolution between the former clause and clauses from $\mathrm{cl}(\mathcal{R})[\mathrm{Ngr}_r[\mathrm{Ngr}_r[G_1]]]$. 

We conclude that after zero or more replacement rules, we obtain a ground clause $C'$, all of whose non-splitting literals are of the form $\pm' Q(t)$ with $t \in \mathrm{Ngr}_1[\mathrm{Ngr}_r[G_1]]$, and which is obtained by propositional resolution from $\{C\} \cup \mathrm{cl}(\mathcal{R})[\mathrm{Ngr}_r[\mathrm{Ngr}_r[G_1]]]$. No splitting rules apply and $S' = S \cup \{C'\}$. $\{C_1\} \cup C_2[\mathrm{Ngr}_r[\mathrm{Ngr}_r[G_1]]] \models_p C$, hence $I(S) \supseteq I_3(C_1) \cup I_4(C_2) \cup \mathrm{cl}(\mathcal{R})[\mathrm{Ngr}_r[\mathrm{Ngr}_r[G_1]]] \models_p I_3(C') = \{C'\}$. If $C_1'$ or $C_2'$ is non-empty then $C'$ is of type C3, and the first statement holds. If $C_1'$ and $C_2'$ are empty then $C'$ is of type C1 and the second statement holds.

• $s \in G_1$. For the resolution step to be possible we must have $s = f(s_1, \ldots, s_n)$. Each $s_i \in G$. The mgu $\sigma$ of $s$ and $f(x_1, \ldots, x_n)$ is such that each $x_i\sigma = s_i$. The resolvent $C = C_1' \vee C_2'[x_1, \ldots, x_r]\sigma \vee D_1 \vee D_2$ is a ground clause. All literals in $C_1'$ are of the form $\pm' Q(t)$ with $t \in \mathrm{Ngr}_1[\mathrm{Ngr}_r[G_1]]$. The literals in $C_2'[x_1, \ldots, x_r]\sigma$ are of the form $\pm' Q(t)$ where the following cases are possible: 

  - $t = f'(x_{i_1}, \ldots, x_{i_m})\sigma$ where $\{x_{i_1}, \ldots, x_{i_m}\} = \{x_1, \ldots, x_n\}$. Then $t = f'(s_{i_1}, \ldots, s_{i_m}) \in G_1 \subseteq \mathrm{Ngr}_1[\mathrm{Ngr}_r[G_1]]$. 

  - $t = x_i\sigma = s_i \in G \subseteq \mathrm{Ngr}_1[\mathrm{Ngr}_r[G_1]]$ for some $1 \le i \le n$. 

Hence all non-splitting literals in $C$ are of the form $\pm' Q(t)$ with $t \in \mathrm{Ngr}_1[\mathrm{Ngr}_r[G_1]]$. No replacement rules or splitting rules apply and $S' = S \cup \{C\}$. $\{C_1\} \cup C_2[G] \models_p C$, hence $I(S) \models_p I_3(C) = \{C\}$. If $C_1'$ or $C_2'$ is non-empty then $C$ is of type C3 and the first statement holds. If $C_1'$ and $C_2'$ are empty then $C$ is of type C1 and the second statement holds.

10. We do resolution between two clauses $C_1[x_1, \ldots, x_r]$ and $C_2[x_1, \ldots, x_r]$, both of type C4, and both from $S$ up to renaming. First we rename the second clause as $C_2[x_{r+1}, \ldots, x_{2r}]$ by applying the renaming $\sigma_0 = \{x_1 \mapsto x_{r+1}, \ldots, x_r \mapsto x_{2r}\}$. By ordering constraints, $C_1[x_1, \ldots, x_r] = C_1'[x_1, \ldots, x_r] \vee D_1 \vee P(f(x_1, \ldots, x_n))$ and $C_2[x_{r+1}, \ldots, x_{2r}] = -P(f(y_1, \ldots, y_n)) \vee C_2'[x_{r+1}, \ldots, x_{2r}] \vee D_2$ and the resolvent is $C[x_1, \ldots, x_r] = C_1'[x_1, \ldots, x_r]\sigma \vee C_2'[x_{r+1}, \ldots, x_{2r}]\sigma \vee D_1 \vee D_2$ where, by Lemma 6, $\sigma$ is such that $\{x_1, \ldots, x_n\}\sigma \subseteq \{x_1, \ldots, x_n\}$ and $y_i\sigma = x_i$ for $1 \le i \le n$. $\pi(C_1) \cup \pi(C_2) \models_p C[x_1, \ldots, x_r]$. Hence $I(S) \supseteq I_4(C_1[x_1, \ldots, x_r]) \cup I_4(C_2[x_1, \ldots, x_r]) = \pi(C_1[x_1, \ldots, x_r]) \cup C_1[\mathrm{Ngr}_r \cup \mathrm{Ngr}_r[\mathrm{Ngr}_r[G_1]]] \cup \pi(C_2[x_1, \ldots, x_r]) \cup C_2[\mathrm{Ngr}_r \cup \mathrm{Ngr}_r[\mathrm{Ngr}_r[G_1]]] \models_p \pi(C[x_1, \ldots, x_r]) \cup C[\mathrm{Ngr}_r \cup \mathrm{Ngr}_r[\mathrm{Ngr}_r[G_1]]] = I_4(C[x_1, \ldots, x_r])$. 

• Suppose $C_1'$ or $C_2'$ has a non-trivial literal. Then $C$ is of type C4, no replacement or splitting rules apply, $S' = S \cup \{C\}$ and the first statement holds. 

• Suppose $C_1'$ and $C_2'$ contain no non-trivial literal. Then $C[x_1, \ldots, x_r] = B_1[x_{i_1}] \cup \ldots \cup B_k[x_{i_k}] \vee D_1 \vee D_2$ with $1 \le i_1, \ldots, i_k \le r$, each $B_j$ being an $\varepsilon$-block. No splitting or replacement rules apply ($\varepsilon$-splitting is forbidden by $\phi_0$), and $S' = S \cup \{C\}$. The second statement holds.

11. We do a resolution step in which one of the premises is a clause from $\mathrm{cl}(\mathcal{R})$. Every clause in $\mathrm{cl}(\mathcal{R})$ is of type C2. Also trivially $I(C') \subseteq I(T)$. Hence this case can be dealt with in the same way as in the case where one of the premises of resolution is a clause of type C2.

Next we consider factoring steps. Factoring on a clause of type C1 or C3 is possible only if the two involved literals are the same, hence this is equivalent to doing nothing. 

1. We do factoring on a clause $C_1[x_{r+1}] = C_1'[x_{r+1}] \vee \pm P(s[x_{r+1}]) \vee \pm P(t[x_{r+1}])$ of type C2, and from $S$ up to renaming. We know that $s[x_{r+1}], t[x_{r+1}] \in \mathrm{Ngr}_1$, and by ordering constraints $s$ and $t$ are non-trivial. The clause obtained is $C[x_{r+1}] = C_1'[x_{r+1}]\sigma \vee \pm P(s[x_{r+1}])\sigma$ where $\sigma$ is a unifier of $s[x_{r+1}]$ and $t[x_{r+1}]$. If $s[x_{r+1}] \ne t[x_{r+1}]$ then by Lemma 3 $x_{r+1}\sigma$ is a ground strict subterm of $s$ or $t$, hence $x_{r+1}\sigma \in G \subseteq \mathrm{Ngr}_r[G_1]$. Each literal in $C$ is of the form $\pm' Q(t')$ where $t' \in \mathrm{Ngr}_1[\mathrm{Ngr}_r[G_1]]$. Hence $C$ is of type C3. No splitting or replacement rules apply and $S' = S \cup \{C\}$. We have $C \in C_1[\mathrm{Ngr}_r[G_1]]$. $I(S) \supseteq I_2(C_1[x_{r+1}]) \supseteq C_1[x_{r+1}][\mathrm{Ngr}_r[G_1]] \supseteq I_3(C) = \{C\}$. The first statement holds. 

2. We do factoring on a clause $C_1[x_1, \ldots, x_r]$ of type C4, and from $S$ up to renaming, to obtain the clause $C[x_1, \ldots, x_r]$. By ordering constraints non-trivial literals must be chosen for factoring. Then $C[x_1, \ldots, x_r]$ is again of type C4 and $C[x_1, \ldots, x_r] \in \pi(C_1)$. $I(S) \supseteq I_4(C_1) = \pi(C_1) \cup C_1[\mathrm{Ngr}_r \cup \mathrm{Ngr}_r[\mathrm{Ngr}_r[G_1]]] \models_p I_4(C)$. The first statement holds. □

The alternative resolution procedure for testing unsatisfiability by using succinct representations of tableaux is now defined by the rule: $T \mid S \blacktriangleright T \mid S \cup \{B_1 \cup D\} \mid S \cup \{B_2\} \mid \ldots \mid S \cup \{B_k\}$ whenever $I(S) \models_p B_1 \cup \ldots \cup B_k \cup D$, each $B_i$ is an $\varepsilon$-block, $1 \le i_1, \ldots, i_k \le r$ and $D \subseteq \pm Q$. The simulation property now states: 

Lemma 1 If $S \sqsubseteq T$ and $S \Rightarrow_{\phi, \mathcal{R}} \mathcal{T}$ then $T \blacktriangleright^* T'$ for some $T'$ such that $\mathcal{T} \sqsubseteq T'$.

Proof: As $S \Rightarrow_{\phi, \mathcal{R}} \mathcal{T}$, we have some $S'$ such that $S \Rightarrow_{\phi_0, \mathcal{R}} S'$ and $\mathcal{T}$ is obtained from $S'$ by $\varepsilon$-splitting steps. From Lemma 10 one of the following cases holds. 

• $S' \subseteq S$. Then $S'$ contains only clauses of type C1-C4 and no $\varepsilon$-splitting is applicable. Hence $\mathcal{T} = S' \sqsubseteq S$. As $\mathcal{T} \sqsubseteq S$ and $S \sqsubseteq T$, hence $\mathcal{T} \sqsubseteq T$ by transitivity of $\sqsubseteq$. Thus $T$ is the required $T'$. 

• $S' = S \cup \{C\} \cup S''$, $C$ is a renaming of $B_1[x_{i_1}] \cup \ldots \cup B_k[x_{i_k}] \cup D$ where each $B_i$ is an $\varepsilon$-block, $1 \le i_1, \ldots, i_k \le r$, $D \subseteq \pm Q$, $I(S) \models_p C$ and $S''$ is a set of clauses of type C3 and $\models_p S''_-$. We have $\mathcal{T} = S \cup S'' \cup \{B_1 \cup D\} \mid S \cup S'' \cup \{B_2\} \mid \ldots \mid S \cup S'' \cup \{B_k\}$. We have $S \cup S'' \cup \{B_1 \cup D\} \sqsubseteq T \cup \{B_1 \cup D\}$ and $S \cup S'' \cup \{B_i\} \sqsubseteq T \cup \{B_i\}$ for $1 \le i \le k$. We show that the required $T'$ is $T \cup \{B_1 \cup D\} \mid T \cup \{B_2\} \mid \ldots \mid T \cup \{B_k\}$. As $S \sqsubseteq T$ hence $I(T) \models_p I(S) \models_p C$. Hence $T \blacktriangleright T'$. □

Hence as for flat clauses we obtain: 

Theorem 5 Satisfiability for the class $\mathcal{C}$ is NEXPTIME-complete. 

Proof: Let $S$ be a finite set in $\mathcal{C}$ whose satisfiability we want to show. We proceed as in the proof of Theorem 3. Wlog if $C \in S$ then $C$ is either a complex clause or a one-variable clause. Clearly $S$ is satisfiable iff $S \cup \mathrm{cl}(\mathcal{R})$ is satisfiable. At the beginning we apply the replacement steps using $\mathcal{R}$ as long as possible and then $Q_0$-splitting as long as possible. Hence wlog all clauses in $S$ are of type C1-C4. Then we non-deterministically add a certain number of clauses of type C1 to $S$. Then we check that the resulting set $S'$ does not contain $\square$, and is saturated in the sense that: if $C = B_1[x_{i_1}] \cup \ldots \cup B_k[x_{i_k}] \cup D$, each $B_j$ is an $\varepsilon$-block, $1 \le i_1, \ldots, i_k \le r$, $D \subseteq \pm Q_0$, and $B_j[x_{r+1}] \notin S'$ for $1 \le j \le k$, then $I(S') \not\models_p C_-$. There are exponentially many such $C$ to check since the number of splitting literals is polynomial. The size of $I(S')$ is exponential. □



7 The Horn Case 

We show that in the Horn case, the upper bound can be improved to DEXPTIME. The essential idea is that propositional satisfiability of Horn clauses is in PTIME instead of NPTIME. But now we need to eliminate the use of tableaux altogether. To this end, we replace the $\varepsilon$-splitting rule of Section 6 by splitting-with-naming. Accordingly we instantiate the set $Q$ used in Section 6 as $Q = Q_0 \cup Q_1$ where $Q_1 = \{C \mid C$ is a non-empty negative $\varepsilon$-block with predicates from $P\}$. We know that binary resolution and factorization on Horn clauses produce Horn clauses. Replacements on Horn clauses using the rules from $\mathcal{R}$ produce Horn clauses. $Q_1$-splitting on Horn clauses produces Horn clauses. E.g. the clause $P(x_1) \vee -Q(x_1) \vee -R(x_2)$ produces $P(x_1) \vee -Q(x_1) \vee -\langle -R(x_2) \rangle$ and $\langle -R(x_2) \rangle \vee -R(x_2)$ (writing $\langle L \rangle$ for the splitting atom that names the literal or block $L$). $Q_0$-splitting on $P(f(x_1)) \vee -Q(a)$ produces $P(f(x_1)) \vee -\langle -Q(a) \rangle$ and $\langle -Q(a) \rangle \vee -Q(a)$, which are Horn. However $Q_0$-splitting on $C = -P(f(x_1)) \vee Q(a)$ produces $C_1 = -P(f(x_1)) \vee -\langle Q(a) \rangle$ and $C_2 = \langle Q(a) \rangle \vee Q(a)$. $C_2$ is not Horn. However $C_{1-} = C$ and $C_{2-} = -Q(a) \vee Q(a)$ are Horn. Finally, as $Q_1$ has exponentially many atoms, we must restrict their occurrences in clauses. Accordingly, for $1 \le i \le 4$, define clauses of type C$i'$ to be clauses $C$ of type C$i$, such that $C_-$ is Horn and has at most $r$ negative literals from $Q_1$. ($C_-$ is defined as before, hence it leaves atoms from $Q_1$ unchanged.) Now the $Q$-splitting-replacement strategy $\phi_h$ first applies the replacement steps of Section 6 as long as possible, then applies $Q_0$-splitting as long as possible and then applies $Q_1$-splitting as long as possible. Succinct representations are now defined as: $S \sqsubseteq_h T$ iff for each $C \in S$, $C$ is of type C$i'$ and satisfies $P_{iT}$ for some $1 \le i \le 4$. The abstract resolution procedure is defined as: $T \blacktriangleright_h T \cup \{B_1 \vee -q_2 \vee \ldots \vee -q_k \cup D \cup E\} \cup \{B_i \vee q_i \mid 2 \le i \le k\}$ whenever $I(T) \models_p C$, $C = B_1[x_{i_1}] \cup \ldots \cup B_k[x_{i_k}] \cup D \cup E$, $C$ is Horn, $1 \le i_1, \ldots, i_k \le r$, $B_1$ is an $\varepsilon$-block, $B_i$ is a negative $\varepsilon$-block with splitting atom $q_i = \langle B_i \rangle \in Q_1$ for $2 \le i \le k$, $D \subseteq \pm Q_0$ and $E \subseteq \pm Q_1$ such that if $k = 1$ then $E$ has at most $r$ negative literals, and if $k > 1$ then $E$ has no negative literal. The $\sqsubseteq$ and $\blacktriangleright$ relations are as in Section 6.

Lemma 2 If $S \sqsubseteq_h T$ and $S \Rightarrow_{\phi_h, \mathcal{R}} S_1$ then $T \blacktriangleright_h^* T_1$ and $S_1 \sqsubseteq_h T_1$ for some $T_1$. 

Proof: Let $\phi_0$ be as in Section 6. As $S \Rightarrow_{\phi_h, \mathcal{R}} S_1$ hence we have some $S'$ such that $S \Rightarrow_{\phi_0, \mathcal{R}} S'$ and $S_1$ is obtained from $S'$ by applying $Q_1$-splitting steps. As discussed above, all clauses $C \in S'$ are such that $C_-$ is also Horn. If $S'$ is obtained by resolving upon splitting literals, then one of the premises must be just a positive splitting literal. The other premise has at most $r$ literals of the form $-q$ with $q \in Q_1$, hence the resolvent has at most $r$ literals of the form $-q$ with $q \in Q_1$. In case non-splitting literals are resolved upon then the premises cannot have any negative splitting literal and the resolvent has no negative splitting literal. $Q_0$-splitting does not create literals from $\pm Q_1$. Hence all clauses in $S'$ have at most $r$ literals of the form $-q$ with $q \in Q_1$. Now by Lemma 10 one of the following conditions holds. 

• $S' \subseteq S$. Then $Q_1$-splitting is not applicable on clauses in $S'$ and $S_1 = S' \sqsubseteq S$. From transitivity of $\sqsubseteq$ we have $S_1 \sqsubseteq T$. Then from the above discussion we conclude that $S_1 \sqsubseteq_h T$. 

• $S' = S \cup \{C\} \cup S''$, $C$ is a renaming of $B_1[x_{i_1}] \cup \ldots \cup B_k[x_{i_k}] \cup D$, each $B_i$ is an $\varepsilon$-block, $1 \le i_1, \ldots, i_k \le r$, $D \subseteq \pm Q$, $I(S) \models_p C$, and $S''$ is a set of clauses of type C3 and $\models_p S''_-$. Also if $k \ge 2$ then $D$ has no literals $-q$ with $q \in Q_1$. As $C$ is Horn, wlog $B_i$ is negative for $i \ge 2$. Hence $S_1 = S' \cup \{B_1 \vee -q_2 \vee \ldots \vee -q_k \cup D\} \cup \{B_i \cup q_i \mid 2 \le i \le k\}$, where $q_i$ is the splitting atom of $B_i$. We show that the required $T_1$ is $T \cup \{B_1 \vee -q_2 \vee \ldots \vee -q_k \cup D\} \cup \{B_i \cup q_i \mid 2 \le i \le k\}$. Each $B_i \cup q_i$ is of type C1'. As $C \in S'$ hence $D$ has at most $r$ literals $-q$ with $q \in Q_1$. Hence if $k = 1$ then $B_1 \vee -q_2 \vee \ldots \vee -q_k \cup D$ is also of type C1'. If $k \ge 2$ then $D$ has no negative literals $-q$ with $q \in Q_1$, and $B_1 \vee -q_2 \vee \ldots \vee -q_k \cup D$ is again of type C1' since $k \le r$. As $S \sqsubseteq T$ we have $I(T) \models_p I(S) \models_p C$. Hence $T \blacktriangleright_h T_1$. Finally, clearly $S_1 \sqsubseteq T_1$ hence $S_1 \sqsubseteq_h T_1$. □

Now for deciding satisfiability of a set of flat and one-variable clauses we proceed as in the non-Horn case. But now instead of non-deterministically adding clauses, we compute a sequence $S = S_0 \blacktriangleright_h S_1 \blacktriangleright_h S_2 \ldots$ starting from the given set $S$, and proceeding don't-care non-deterministically, till no more clauses can be added, and then check whether $\square$ has been generated. The length of this sequence is at most exponential. Computing $S_{i+1}$ from $S_i$ requires at most exponential time because the number of possibilities for $C$ in the definition of $\blacktriangleright_h$ above is exponential. (Note that this idea of $Q_1$-splitting would not have helped in the non-Horn case because we cannot bound the number of positive splitting literals in a clause in the non-Horn case, whereas Horn clauses by definition have at most one positive literal.) Also note that APDS can be encoded using flat Horn clauses. Hence: 

Theorem 6 Satisfiability for the classes $\mathcal{C}_{Horn}$ and $\mathcal{F}_{Horn}$ is DEXPTIME-complete. 

Together with Theorem 2 this gives us optimal complexity for protocol verification: 

Theorem 7 Secrecy of cryptographic protocols with single blind copying, with a bounded number of nonces but an unbounded number of sessions, is DEXPTIME-complete.

7.1 Alternative Normalization Procedure 

While Theorem 6 gives us the optimum complexity for the Horn case, we outline here an alternative normalization procedure for deciding satisfiability in the Horn case, in the style of [14]. Our goal is to show that the Horn case can be dealt with using simpler techniques. This may also be interesting for implementations, since it avoids exhaustive generation of instantiations of clauses. Since we already have the optimum complexity from Theorem 6, we restrict ourselves to giving only the important ideas here. Define normal clauses to be clauses which have no function symbol in the body, have no repetition of variables in the body, and have no variables in the body other than those in the head. Sets of normal definite clauses involving unary predicates can be thought of as generalizations of tree automata, by adopting the convention that term $t$ is accepted at state $P$ iff atom $P(t)$ is reachable, i.e. states are just unary predicates. (Intersection-)emptiness and membership properties are defined as usual.

Lemma 3 Emptiness and membership properties are decidable in polynomial time for sets of normal definite clauses. 

Proof: Let $S$ be the set of clauses. To test emptiness of a state $P$, we remove the arguments of predicate symbols in clauses, and treat predicates as proposition symbols. Then we add the clause $-P$ and check satisfiability of the resulting propositional Horn clause set. 

To test if $t$ is accepted at $P$, let $T$ be the set of subterms of $t$. Define a set $S'$ of clauses as follows. If $Q(s) \vee -Q_1(x_1) \vee \ldots \vee -Q_n(x_n) \in S$ and $s\sigma \in T$ for some substitution $\sigma$ then we add the Horn clause $Q(s\sigma) \vee -Q_1(x_1\sigma) \vee \ldots \vee -Q_n(x_n\sigma)$ to $S'$. Finally we add $-P(t)$ to $S'$ and test its unsatisfiability. $S'$ is computable in polynomial time. Also $S'$ has only ground clauses, hence its satisfiability is equivalent to propositional satisfiability, by treating each ground literal as a propositional symbol. 

□
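As an added illustration of the two tests in this proof (it is not code from the paper), the Python below decides emptiness by forward chaining on the argument-stripped propositional Horn clauses, and membership by grounding each normal clause over the subterms of $t$ and forward chaining on the resulting ground Horn clauses; both are least-fixpoint computations, which is why they run in polynomial time. The term encoding (variables as strings, applications as tuples) is my own choice, and the clause set is the normal clauses $C_1'$ to $C_4'$ of Example 1 with the set-states written as plain strings.

```python
# Emptiness and membership for sets of normal definite clauses, following
# Lemma 3: both reduce to propositional Horn satisfiability (here: forward
# chaining to a least fixpoint, which is polynomial in the input size).
#
# Term encoding (own convention, not the paper's): a variable is a str such
# as "x1"; an application f(t1, ..., tn) is the tuple ("f", t1, ..., tn), so a
# constant a is ("a",).  A normal definite clause is a pair
# ((P, s), [(Q1, x1), ..., (Qn, xn)]) meaning P(s) :- Q1(x1), ..., Qn(xn),
# where the xi are distinct variables all occurring in the head term s.

def fn(name, *args):
    """Build the term name(args)."""
    return (name,) + tuple(args)

def horn_closure(rules):
    """Least model of a set of propositional Horn rules (head, [body atoms])."""
    derived = set()
    changed = True
    while changed:
        changed = False
        for head, body in rules:
            if head not in derived and all(b in derived for b in body):
                derived.add(head)
                changed = True
    return derived

def is_empty(clauses, state):
    """Emptiness test: drop all arguments and treat predicates as propositions.
    Adding -P and checking unsatisfiability is the same as asking whether P
    is derivable in the least model, which is what we compute."""
    rules = [(head_pred, [q for q, _ in body]) for (head_pred, _), body in clauses]
    return state not in horn_closure(rules)

def match(pattern, term, sigma):
    """One-way matching of a clause head against a ground term; returns the
    extended substitution or None."""
    if isinstance(pattern, str):
        if pattern in sigma:
            return sigma if sigma[pattern] == term else None
        sigma = dict(sigma)
        sigma[pattern] = term
        return sigma
    if isinstance(term, str) or pattern[0] != term[0] or len(pattern) != len(term):
        return None
    for p, t in zip(pattern[1:], term[1:]):
        sigma = match(p, t, sigma)
        if sigma is None:
            return None
    return sigma

def subterms(term):
    """All subterms of a ground term: the set T of the proof."""
    result = {term}
    for arg in term[1:]:
        result |= subterms(arg)
    return result

def accepts(clauses, state, term):
    """Membership test: ground every clause head over the subterms of `term`
    (only those instances can contribute to deriving P(t)), then forward
    chain on the ground Horn clauses and look for the atom (state, term)."""
    ground_rules = []
    for (head_pred, head_term), body in clauses:
        for u in subterms(term):
            sigma = match(head_term, u, {})
            if sigma is not None:
                # body variables all occur in the head, so sigma covers them
                ground_rules.append(((head_pred, u), [(q, sigma[x]) for q, x in body]))
    return (state, term) in horn_closure(ground_rules)

# Constructed input: the normal clauses C1'..C4' of Example 1, with the
# set-states {P} and {Q} written as "P" and "Q".
A, B = fn("a"), fn("b")
CLAUSES = [
    (("P", A), []),
    (("Q", A), []),
    (("P", fn("f", fn("g", "x1", A), fn("g", A, "x1"), A)), [("P", "x1")]),
    (("P", fn("f", fn("g", "x1", A), fn("g", A, "x1"), B)), [("P", "x1")]),
]

if __name__ == "__main__":
    print("R empty:", is_empty(CLAUSES, "R"))   # True: no clause has head R
    print("a at Q:", accepts(CLAUSES, "Q", A))  # True
    print("b at Q:", accepts(CLAUSES, "Q", B))  # False, so the clause
    # R(g(a,a)) v -P(a) v -Q(b) of Example 1 is rejected
```

The grounding step in `accepts` is the set $S'$ of the proof: a head $Q(s)$ is instantiated only by substitutions that map it onto a subterm of $t$, which bounds $S'$ by the number of clauses times the number of subterms.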

The intuition behind the normalization procedure is as follows. We use new states which are sets $\{P_1, P_2, \ldots\}$, where $P_1, P_2, \ldots$ are states in the given clause set. The state $\{P_1, P_2, \ldots\}$ represents the intersection of the states $P_1, P_2, \ldots$. These new states are denoted by $p, q, p_1, \ldots$. The states $P$ in clauses are replaced by $\{P\}$. We try to make non-normal clauses redundant by resolving them with normal clauses. Hence a clause $C \vee -p(t)$, where $t$ has some function symbol, is resolved with a normal clause $p(s) \vee D$ to obtain a clause $C\sigma \vee D\sigma$ where $\sigma = \mathrm{mgu}(s, t)$. Normal clauses $p(s) \vee C$ and $q(t) \vee D$ are used to produce the clause $(p \cup q)(s\sigma) \vee C\sigma \vee D\sigma$ where $\sigma = \mathrm{mgu}(s, t)$. In this process if we get a clause $C \vee -p(t)$ where $t$ is ground, then either $t$ is accepted at $p$ using the normal clauses and we remove the literal $-p(t)$ from the clause, or $t$ is not accepted at $p$ using the normal clauses, and we reject the clause. From clauses $C \vee -p(x) \vee -q(x)$ we derive the clause $C \vee -(p \cup q)(x)$. If a clause $p(x_1) \vee -q(x_1) \vee -q_1(x_2) \vee \ldots \vee -q_n(x_n)$ is produced where the $x_i$ are mutually distinct, then either each $q_i$ is non-empty using the normal clauses and we replace this clause by $p(x) \vee -q(x)$, or we reject this clause. The normal clauses $p(x) \vee -q(x)$ and $q(t) \vee C$ produce the clause $p(t) \vee C$. Replacement rules are also applied as in the non-Horn case. We continue this till no more new clauses can be produced. Then we remove all non-normal clauses. We claim that this process takes exponential time and each state $p$ in the resulting clause set accepts exactly the terms accepted by each $P \in p$ in the original clause set. This also gives us a DEXPTIME algorithm for the satisfiability problem for the class $\mathcal{C}$.

Example 1 Consider the set $S = \{C_1, \ldots, C_5\}$ of clauses where 

$C_1 = P(a)$ 

$C_2 = Q(a)$ 

$C_3 = P(f(g(x_1, a), g(a, x_1), a)) \vee -P(x_1)$ 

$C_4 = P(f(g(x_1, a), g(a, x_1), b)) \vee -P(x_1)$ 

$C_5 = R(x_1) \vee -P(f(x_1, x_1, x_2)) \vee -Q(x_2)$ 

We first get the following normal clauses. 

$C_1' = \{P\}(a)$ 

$C_2' = \{Q\}(a)$ 

$C_3' = \{P\}(f(g(x_1, a), g(a, x_1), a)) \vee -\{P\}(x_1)$ 

$C_4' = \{P\}(f(g(x_1, a), g(a, x_1), b)) \vee -\{P\}(x_1)$ 

The clause 

$C_5' = \{R\}(x_1) \vee -\{P\}(f(x_1, x_1, x_2)) \vee -\{Q\}(x_2)$ 

is not normal. Resolving it with $C_3'$ gives the clause 

$\{R\}(g(a, a)) \vee -\{P\}(a) \vee -\{Q\}(a)$ 

As $a$ is accepted at $\{P\}$ and $\{Q\}$ using the normal clauses $C_1'$ and $C_2'$, hence we get a new normal clause 

$C_6 = \{R\}(g(a, a))$ 

Resolving $C_5'$ with $C_4'$ gives 

$\{R\}(g(a, a)) \vee -\{P\}(a) \vee -\{Q\}(b)$ 

But $b$ is not accepted at $\{Q\}$ using the normal clauses hence this clause is rejected. Finally $C_1'$ and $C_2'$ also give the normal clause 

$C_7 = \{P, Q\}(a)$ 

The resulting set of normal clauses is $\{C_1', \ldots, C_4', C_6, C_7\}$. 
8 Conclusion 

We have proved DEXPTIME-hardness of secrecy for cryptographic protocols with single blind copying, and have improved the upper bound from 3-DEXPTIME to DEXPTIME. We have improved the 3-DEXPTIME upper bound for satisfiability for the class $\mathcal{C}$ to NEXPTIME in the general case and DEXPTIME in the Horn case, which match known lower bounds. For this we have invented new resolution techniques like ordered resolution with splitting modulo propositional reasoning, ordered literal replacements and decompositions of one-variable terms. As byproducts we obtained optimum complexity for several fragments of $\mathcal{C}$ involving flat and one-variable clauses. Security for several other decidable classes of protocols with unbounded number of sessions and bounded number of nonces is in DEXPTIME, suggesting that DEXPTIME is a reasonable complexity class for such classes of protocols. 
A Proofs of Section 4 

We use the following unification algorithm, due to Martelli and Montanari. It is described by the following rewrite rules on finite multisets of equations between terms; we let $M$ be any such multiset, and comma denote multiset union: 

(Delete) $M, u = u \to M$ 

(Decomp) $M, f(u_1, \ldots, u_n) = f(v_1, \ldots, v_n) \to M, u_1 = v_1, \ldots, u_n = v_n$ 

(Bind) $M, x = v \to M[x := v], x = v$ provided $x$ is not free in $v$, but is free in $M$. 

(Fail1) $M, x = v \to \bot$ provided $x$ is free in $v$ and $x \ne v$. 

(Fail2) $M, f(u_1, \ldots, u_m) = g(v_1, \ldots, v_n) \to \bot$ provided $f \ne g$. 

We consider that equations $u = v$ are unordered pairs of terms $u, v$, so that in particular $u = v$ and $v = u$ are the same equation. $\bot$ represents failure of unification. If $s$ and $t$ are unifiable, then this rewrite process terminates, starting from $s = t$, on a so-called solved form $z_1 = u_1, \ldots, z_k = u_k$; then $\sigma = \{z_1 \mapsto u_1, \ldots, z_k \mapsto u_k\}$ is an mgu of $s = t$. 
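The rewrite system above, implemented in Python as an added example (not code from the paper): the multiset $M$ is a list of equations, and each loop iteration applies exactly one of (Delete), (Decomp), (Bind), (Fail1) or (Fail2). The term encoding is my own convention. The constructed inputs are the unification problem from the resolution step of Example 1 (the body literal $-P(f(x_1, x_1, x_2))$ of $C_5$ against the head of $C_3$, with the variable of $C_3$ renamed to $y_1$) and a pair of distinct one-variable terms in the situation of Lemma 3, where the unifier sends $x$ to a ground strict subterm.

```python
# Martelli-Montanari unification as a worked example (not code from the paper).
# Equations live in a multiset (a Python list); each step applies one of the
# five rules Delete, Decomp, Bind, Fail1, Fail2 from the text.  Term encoding
# (own convention): a variable is a str such as "x"; f(t1, ..., tn) is the
# tuple ("f", t1, ..., tn); a constant a is ("a",).

def fn(name, *args):
    """Build the term name(args)."""
    return (name,) + tuple(args)

def apply_subst(term, sigma):
    """Apply a substitution (dict variable -> term) to a term."""
    if isinstance(term, str):
        return sigma.get(term, term)
    return (term[0],) + tuple(apply_subst(a, sigma) for a in term[1:])

def occurs(var, term):
    """Is `var` free in `term`?"""
    if isinstance(term, str):
        return var == term
    return any(occurs(var, a) for a in term[1:])

def unify(s, t):
    """Return an mgu of s and t as a dict (the solved form z_i = u_i), or None
    when the rewriting reaches the failure symbol (bottom)."""
    equations = [(s, t)]          # M_0 = {s = t}
    solved = {}                   # equations already in solved form
    while equations:
        u, v = equations.pop()
        if u == v:                # (Delete)
            continue
        if isinstance(u, str) or isinstance(v, str):
            # equations are unordered pairs: orient so that x is the variable
            x, w = (u, v) if isinstance(u, str) else (v, u)
            if occurs(x, w):      # (Fail1): x free in w and x != w
                return None
            # (Bind): replace x by w in the remaining equations and in the
            # solved part, then keep x = w as a solved equation.  Afterwards x
            # is free in no other equation, as the rule's side condition requires.
            bind = {x: w}
            equations = [(apply_subst(a, bind), apply_subst(b, bind)) for a, b in equations]
            solved = {z: apply_subst(r, bind) for z, r in solved.items()}
            solved[x] = w
            continue
        if u[0] != v[0] or len(u) != len(v):   # (Fail2): clashing head symbols
            return None
        equations.extend(zip(u[1:], v[1:]))    # (Decomp)
    return solved

def unifies_to_equal(s, t):
    """Check that applying the computed mgu makes both sides identical."""
    sigma = unify(s, t)
    return sigma is not None and apply_subst(s, sigma) == apply_subst(t, sigma)

# Constructed inputs.  S1 = T1 is the resolution step of Example 1 (Section
# 7.1): the body literal -P(f(x1, x1, x2)) of C5 against the head
# P(f(g(y1, a), g(a, y1), a)) of C3, with C3's variable renamed to y1.
A, B = fn("a"), fn("b")
S1 = fn("f", "x1", "x1", "x2")
T1 = fn("f", fn("g", "y1", A), fn("g", A, "y1"), A)
# S2 = T2 is an instance of Lemma 3: two distinct non-trivial one-variable
# terms s[x], t[x]; their unifier maps x to a ground strict subterm (here a).
S2 = fn("f", "x", fn("g", A))
T2 = fn("f", A, fn("g", "x"))

if __name__ == "__main__":
    print(unify(S1, T1))   # x1 -> g(a, a), x2 -> a, y1 -> a
    print(unify(S2, T2))   # x -> a
    print(unify("x", fn("f", "x")))                             # None: (Fail1), occurs check
    print(unify(fn("f", "x", A), fn("f", fn("g", A, B), "x")))  # None: (Fail2) on a = g(a, b)
```

Because a bound variable is substituted away from every remaining equation, the final `solved` dictionary is exactly a solved form in the sense of the text: no $z_i$ occurs in any $u_j$, so reading it off as a substitution gives an mgu directly.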

Lemma 4 Let $s[x]$ and $t[y]$ be two non-ground non-trivial one-variable terms, and $x \ne y$. Let $U$ be the set of non-ground strict subterms of $s$ and $t$ and let $V$ be the set of ground strict subterms of $s$ and $t$. If $s[x]$ and $t[y]$ are unifiable then they have a mgu $\sigma$ such that one of the following is true: 

• $\sigma = \{x \mapsto u[y]\}$ where $u \in U$. 

• $\sigma = \{y \mapsto u[x]\}$ where $u \in U$. 

• $\sigma = \{x \mapsto u, y \mapsto v\}$ where $u, v \in U[V]$. 

Proof: Note that $V \subseteq U[V]$ since $U$ contains the trivial terms also. We use the above unification algorithm. We start with the multiset $M_0 = s = t$. We claim that if $M_0 \to^* M$ then $M$ is of one of the following forms: 

1. $s_1[x] = t_1[y], \ldots, s_n[x] = t_n[y]$, where each $s_i, t_i \in U \cup V$, some $s_i \in U$ and some $t_j \in U$. 

2. $s_1[u[y']] = t_1[y'], \ldots, s_n[u[y']] = t_n[y'], x' = u[y']$ where $u \in U$, each $s_i, t_i \in U \cup V$, $x' \in \{x, y\}$ and $y' \in \{x, y\} \setminus \{x'\}$. 

3. $s_1[u] = t_1[y'], \ldots, s_n[u] = t_n[y'], x' = u$ where $u \in V$, each $s_i, t_i \in U \cup V$, some $t_i \in U$, $x' \in \{x, y\}$ and $y' \in \{x, y\} \setminus \{x'\}$. 

4. $M', x = u, y = v$ where $u, v \in U[V]$, and no variables occur in $M'$. 

5. $\bot$. 

As $s$ and $t$ are non-trivial, and $x$ and $y$ are distinct, hence (Delete) and (Bind) don't apply on $M_0$. Applying (Decomp) on $M_0$ leads us to type (1). Applying (Fail1) or (Fail2) on any $M$ leads us to $\bot$. Applying (Delete) and (Decomp) on type (1) keeps us in type (1). Applying (Bind) on type (1) leads to type (2) or (3) depending on whether the concerned variable is replaced by a non-ground or ground term. Applying (Delete) on type (2) leads to type (2) itself. Applying (Decomp) on type (2) leads to type (2) itself. (Bind) applies on $M$ of type (2) only if $M$ contains some $y' = v$ where $v$ is ground. We must have $v \in V$. The result is of type (4). Applying (Delete) and (Decomp) rules on type (3) leads to type (3) itself. (Bind) applies on $M$ of type (3) only if $M$ contains some $y' = v$ where $v$ is ground. We must have $v \in U[V]$. The result is of type (4). Applying (Delete) and (Decomp) on type (4) leads to type (4) itself, and (Bind) does not apply. 

Now we look at the solved forms. Solved forms of type (1) are of the form either $x = u[y]$ with $u \in U$, or $y = u[x]$ with $u \in U$, or $x = u, y = v$ with $u, v \in V \subseteq U[V]$. $M$ of type (2) is in solved form only if $n = 0$. Hence the solved forms are again of the form $x = u[y]$ or $y = u[x]$ with $u \in U$. $M$ of type (3) is in solved form only if $n = 1$, hence $M$ is of the form $x = u, y = v$ with $u, v \in U[V]$. Solved forms of type (4) are again of type $x = u, y = v$ with $u, v \in U[V]$ (i.e. $M'$ is empty). □

Lemma 2 Let $s[x]$ and $t[y]$ be reduced, non-ground and non-trivial terms where $x \ne y$ and $s[x] \ne t[x]$. If $s$ and $t$ have a unifier $\sigma$ then $x\sigma, y\sigma \in U[V]$ where $U$ is the set of non-ground (possibly trivial) strict subterms of $s$ and $t$, and $V$ is the set of ground strict subterms of $s$ and $t$. 

Proof: By Lemma 4 $s[x]$ and $t[y]$ have a mgu $\sigma'$ such that one of the following is true: 

• $\sigma' = \{x \mapsto u[y]\}$ where $u \in U$. We have $s[u[y]] = t[y]$. As $t$ is reduced, this is possible only if $u$ is trivial. Hence $s[y] = t[y]$, so $s[x] = t[x]$. This is a contradiction. 

• $\sigma' = \{y \mapsto u[x]\}$ where $u \in U$. This case is similar to the previous case. 

• $\sigma' = \{x \mapsto u, y \mapsto v\}$ where $u, v \in U[V]$. As $\sigma'$ is the mgu and maps $x$ and $y$ to ground terms, hence $\sigma = \sigma'$. □ 

Lemma 3 Let $\sigma$ be a unifier of two non-trivial, non-ground and distinct one-variable terms $s[x]$ and $t[x]$. Then $x\sigma$ is a ground strict subterm of $s$ or of $t$. 

Proof: We use the above unification algorithm. We start with the multiset $M_0 = s[x] = t[x]$. If $M_0 \to^* M$ then $M$ is of one of the following forms: 

1. $s_1[x] = t_1[x], \ldots, s_n[x] = t_n[x]$ where each $s_i$ is a strict subterm of $s$ and each $t_i$ is a strict subterm of $t$. 

2. $M', x = u$ where $u$ is a ground strict subterm of $s$ or $t$, and no variables occur in $M'$. 

3. $\bot$. 

Then it is easy to see that the only possible solved form is $x = u$ where $u$ is a ground strict subterm of $s$ or $t$. □

B Proofs of Section 6 

Theorem 4 Modified ordered resolution, wrt a stable and enumerable ordering, with splitting and $Q$-splitting and ordered literal replacement is sound and complete for any strategy. I.e. for any set $S$ of $\mathcal{P}$-clauses, for any strict stable and enumerable partial order $<$ on atoms, for any set $\mathcal{R}$ of ordered replacement rules, for any finite set $Q$ of splitting atoms, and for any $Q$-splitting-replacement strategy $\phi$, $S \cup \mathrm{cl}(\mathcal{R})$ is unsatisfiable iff $S \Rightarrow^*_{\phi, \mathcal{R}} T$ for some closed $T$. 

Proof: A standard Herbrand interpretation is a Herbrand interpretation $\mathcal{H}$ such that $\langle C \rangle \in \mathcal{H}$ iff $\mathcal{H}$ does not satisfy $C$ (where $\langle C \rangle$ is the splitting atom naming $C$). This leads us to the notion of standard satisfiability as expected. The given set $S$ of $\mathcal{P}$-clauses is satisfiable iff it is standard-satisfiable. Ordered resolution, factorization and splitting preserve satisfiability in any given Herbrand interpretation, and $Q$-splitting preserves satisfiability in any given standard Herbrand interpretation. Also if $T \to_{\mathcal{R}} T'$ then $T \cup \mathrm{cl}(\mathcal{R})$ is satisfiable in a Herbrand interpretation iff $T' \cup \mathrm{cl}(\mathcal{R})$ is satisfiable in that interpretation. This proves correctness: if $S \Rightarrow^*_{\phi, \mathcal{R}} T$ and $T$ is closed then $S \cup \mathrm{cl}(\mathcal{R})$ is unsatisfiable. 

For completeness we replay the proof of [11] for ordered resolution with selection specialized to our case, and insert the arguments required for the replacement rules. Since $<$ is enumerable, hence we have an enumeration $A_1', A_2', \ldots$ of all ground atoms such that if $A_i' < A_j'$ then $i < j$. Also there are only finitely many splitting atoms in $Q$, all of which are smaller than non-splitting atoms. Hence the set of all (splitting as well as non-splitting) atoms can be enumerated as $A_1, A_2, \ldots$ such that if $A_i <_s A_j$ then $i < j$. Clearly all the splitting atoms occur before the non-splitting atoms in this enumeration. Consider the infinite binary tree $\mathcal{T}$ whose nodes are literal sequences of the form $\pm_1 A_1 \pm_2 A_2 \ldots \pm_k A_k$ for $k \ge 0$. The two successors of the node $N$ are $N + A_{k+1}$ (the left child) and $N - A_{k+1}$ (the right child). If $k = 0$ then $N$ is a root node. Furthermore we write $-N = \mp_1 A_1 \mp_2 A_2 \ldots \mp_k A_k$. A clause $C$ fails at a node $N$ if there is some ground substitution $\sigma$ such that for every literal $L \in C$, $L\sigma$ is in $-N$. For any set $T$ of clauses define $\mathcal{T}_T$ as the tree obtained from $\mathcal{T}$ by deleting the subtrees below all nodes of $\mathcal{T}$ where some clause of $T$ fails. A failure-witness for a set $T$ of clauses is a tuple $(\mathcal{T}', C_\bullet, \theta_\bullet)$ such that $\mathcal{T}' = \mathcal{T}_T$ is finite, $C_N$ is a clause for each leaf node $N$ of $\mathcal{T}'$, and $\theta_N$ is a ground substitution for each leaf node $N$ of $\mathcal{T}'$ such that $-N$ contains every $L \in C_N\theta_N$. We define $\nu(\mathcal{T}')$ as the number of nodes in $\mathcal{T}'$. For any failure witness of the form $(\mathcal{T}', C_\bullet, \theta_\bullet)$ and for any leaf node $N = \pm_1 A_1 \pm_2 A_2 \ldots \pm_k A_k$ of $\mathcal{T}'$, define $\mu_1(C_N, \theta_N)$ as follows: 

- If $C_N \notin \mathrm{cl}(\mathcal{R})$ then $\mu_1(C_N, \theta_N)$ is the multiset of integers which contains the integer $i$ as many times as there are literals $\pm A' \in C_N$ such that $A'\theta_N = A_i$. 

- If $C_N \in \mathrm{cl}(\mathcal{R})$ then $\mu_1(C_N, \theta_N)$ is the empty multiset. 

We define $\mu_2(\mathcal{T}', C_\bullet, \theta_\bullet)$ as the multiset of the values $\mu_1(C_N, \theta_N)$ where $N$ ranges over all leaf nodes of $\mathcal{T}'$. We define $\mu(\mathcal{T}', C_\bullet, \theta_\bullet) = (\nu(\mathcal{T}'), \mu_2(\mathcal{T}', C_\bullet, \theta_\bullet))$. We consider the lexicographic ordering on pairs, i.e. $(x_1, y_1) < (x_2, y_2)$ iff either $x_1 < x_2$, or $x_1 = x_2$ and $y_1 < y_2$. Since $S \cup \mathrm{cl}(\mathcal{R})$ is unsatisfiable, from König's Lemma: 

Lemma 5 $S \cup \mathrm{cl}(\mathcal{R})$ has a failure witness. 

Lemma 6 If $T$ has a failure witness $(\mathcal{T}_T, C_\bullet, \theta_\bullet)$ such that $\mathcal{T}_T$ is not just the root node, then there is some $T'$ with a failure witness $(\mathcal{T}_{T'}, C'_\bullet, \theta'_\bullet)$ such that $T \Rightarrow_{\phi, \mathcal{R}} T'$ and $\mu(\mathcal{T}_{T'}, C'_\bullet, \theta'_\bullet) < \mu(\mathcal{T}_T, C_\bullet, \theta_\bullet)$.

Proof: In the following the notion of mgu is generalized and we write $\mathrm{mgu}(s_1 = \ldots = s_n)$ for the most general substitution which makes $s_1, \ldots, s_n$ equal. We iteratively define a sequence $R_0, R_1, \ldots$ of nodes, none of which is a leaf node. $R_0$ is the empty sequence which is not a leaf node. Suppose we have already defined $R_i$. As $R_i$ is not a leaf node, $R_i$ has a descendant $N_i$ such that $N_i - B_i$ is the rightmost leaf node in the subtree of $\mathcal{T}_T$ rooted at $R_i$. 

(1) If $B_i$ is a non-splitting atom then stop the iteration. 

(2) Otherwise $B_i$ is a splitting atom. 

(2a) If the subtree rooted at $N_i + B_i$ has some leaf node $N$ such that $-B_i \in C_N$ then stop the iteration. 

(2b) Otherwise $N_i + B_i$ cannot be a leaf node. Define $R_{i+1} = N_i + B_i$ and continue the iteration. 

$\mathcal{T}_T$ is finite hence the iteration terminates. Let $k$ be the largest integer for which $R_k$ and hence $N_k$ and $B_k$ are defined. For $0 \le i \le k - 1$, $B_i$ is a splitting literal. The only positive literals in the sequence $N_k$ are from the set $\{B_0, \ldots, B_{k-1}\}$. $N_k - B_k$ is a leaf node of $\mathcal{T}_T$. 

Suppose the iteration stopped in case (1) above. Then $N_k$ has some descendant $N$ such that its two children $N - B$ and $N + B$ are leaf nodes of $T_{\mathcal{T}}$, and $B$ is a non-splitting literal. As $B_k$ is a non-splitting literal, no negative splitting literals are present in $C_{N-B}$ or $C_{N+B}$. $C_{N-B}$ is of the form $C_1 \vee B'_1 \vee \ldots \vee B'_m$ ($m \ge 1$) such that $B'_1\theta_{N-B} = \cdots = B'_m\theta_{N-B} = B$ and each literal in $C_1\theta_{N-B}$ is present in $-N$. The literals $B'_1, \ldots, B'_m$ are then maximal in $C_{N-B}$ and can be selected for resolution. $C_{N+B}$ is of the form $C_2 \vee -B''_1 \vee \ldots \vee -B''_n$ ($n \ge 1$) such that $B''_1\theta_{N+B} = \cdots = B''_n\theta_{N+B} = B$ and each literal in $C_2\theta_{N+B}$ is present in $-N$. The literals $B''_1, \ldots, B''_n$ are then maximal in $C_{N+B}$ and can be selected for resolution. We assume that $C_{N-B}$ and $C_{N+B}$ are renamed apart so as not to share variables. Let $\theta$ be a ground substitution which maps each $x \in fv(C_{N-B})$ to $x\theta_{N-B}$ and each $x \in fv(C_{N+B})$ to $x\theta_{N+B}$. We have $B'_1\theta = \ldots = B'_m\theta = B''_1\theta = \ldots = B''_n\theta$. Then $\sigma = mgu(B'_1 = \ldots = B'_m = B''_1 = \ldots = B''_n)$ exists. Hence we have some ground substitution $\theta'$ such that $\sigma\theta' = \theta$. Hence by repeated applications of the ordered factorization and ordered binary resolution rules, we obtain the resolvent $C = C_1\sigma \vee C_2\sigma$, and $\mathcal{T} \Rightarrow_{<} \mathcal{T}' = \mathcal{T} \cup \{C\}$. We have $C\theta' = C_1\theta \vee C_2\theta$. Hence $C$ fails at node $N$. Then $T_{\mathcal{T}'}$ is finite and $\nu(T_{\mathcal{T}'}) < \nu(T_{\mathcal{T}})$. Hence by choosing any $C'_\bullet$ and $\theta'_\bullet$ such that $(T_{\mathcal{T}'}, C'_\bullet, \theta'_\bullet)$ is a failure witness for $\mathcal{T}'$, we have $\mu(T_{\mathcal{T}'}, C'_\bullet, \theta'_\bullet) < \mu(T_{\mathcal{T}}, C_\bullet, \theta_\bullet)$.

If the iteration didn't stop in case (1) but in case (2a) then it means that $B_k$ is a splitting literal. Then $C_{N_k - B_k} = C_1 \vee +B_k$ (with $B_k \notin C_1$). $C_1$ has no negative splitting literals. Hence the only literals in $C_1$ are positive splitting literals. Hence the literal $B_k$ can be chosen from $C_{N_k - B_k}$ for resolution. The subtree rooted at $N_k + B_k$ has some leaf node $N$ such that $-B_k \in C_N$. Then $C_N = C_2 \vee -B_k$ (and $-B_k \notin C_2$). Hence $-B_k$ can be selected from $C_N$ for resolution. We obtain the resolvent $C_2 \vee C_1$ which fails at $N$. Let $\mathcal{T}' = \mathcal{T} \cup \{C_2 \vee C_1\}$. We have $\nu(T_{\mathcal{T}'}) \le \nu(T_{\mathcal{T}})$. If $N'$ is the highest ancestor of $N$ where $C_2 \vee C_1$ fails then $N'$ is a leaf of $T_{\mathcal{T}'}$ and we define $C'_{N'} = C_2 \vee C_1$ and $\theta'_{N'} = \theta_N$. We have $\mu_1(C'_{N'}, \theta'_{N'}) < \mu_1(C_N, \theta_N)$ since all literals in $C_1$ are splitting literals $\pm q$ such that $q$ occurs strictly before $B_k$ in the enumeration $A_1, A_2, \ldots$. (Also note that $C_N \notin cl(\mathcal{R})$ because $C_N$ contains a splitting literal.) All other leaf nodes $N''$ of $T_{\mathcal{T}'}$ are also leaf nodes of $T_{\mathcal{T}}$ and we define $C'_{N''} = C_{N''}$ and $\theta'_{N''} = \theta_{N''}$. Then $(T_{\mathcal{T}'}, C'_\bullet, \theta'_\bullet)$ is a failure witness for $\mathcal{T}'$ and we have $\mu_2(T_{\mathcal{T}'}, C'_\bullet, \theta'_\bullet) < \mu_2(T_{\mathcal{T}}, C_\bullet, \theta_\bullet)$. Hence we have $\mu(T_{\mathcal{T}'}, C'_\bullet, \theta'_\bullet) < \mu(T_{\mathcal{T}}, C_\bullet, \theta_\bullet)$.
□ 
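To make the measure $\mu$ and the descent of Lemma 6, case (1), concrete, here is an added example (my own code, not from the paper) that builds the closed semantic tree of a small constructed set of ground clauses, reads off a failure witness, computes $\mu$, and shows the measure decreasing across one ordered resolution step. Everything in it is an assumption of the example: the atom names p, q, r and their enumeration, the clause set, and all helper names. Only ground clauses are handled, so every $\theta_N$ is the identity, and there are no replacement rules, so $cl(\mathcal{R})$ is empty and $\mu_1$ is never the empty multiset.

```python
"""Failure witnesses of a ground clause set over an enumerated semantic tree.

Constructed example, not code from the paper.  Conventions: an atom is a
string, a literal is a (sign, atom) pair with sign +1 or -1, a clause is a
frozenset of literals, the enumeration A_1, A_2, ... is a list of atoms, and a
node +-_1 A_1 ... +-_k A_k of the semantic tree is the tuple of literals on the
path from the root.  Only ground clauses are handled, so every theta_N is the
identity, and there are no replacement rules, so cl(R) is empty.
"""


def complements(node):
    """The set {-+_1 A_1, ..., -+_k A_k} of complements of the node's literals."""
    return {(-sign, atom) for sign, atom in node}


def fails_at(clause, node):
    """A ground clause fails at a node iff each of its literals is the
    complement of a literal on the path to that node."""
    comp = complements(node)
    return all(lit in comp for lit in clause)


def closed_tree(clauses, atoms):
    """Build the closed semantic tree T_T: at depth k branch on A_{k+1}, and stop
    at the first node where some clause fails.  Returns (node_count, leaves),
    where leaves maps each leaf node to a clause of `clauses` failing there
    (the C_N of a failure witness), or None if some complete branch is a model.
    """
    leaves = {}
    count = 0

    def visit(node):
        nonlocal count
        count += 1
        failing = [c for c in clauses if fails_at(c, node)]
        if failing:
            leaves[node] = failing[0]   # any failing clause may serve as C_N
            return True
        if len(node) == len(atoms):
            return False                # complete branch, nothing fails: a model
        nxt = atoms[len(node)]
        return visit(node + ((+1, nxt),)) and visit(node + ((-1, nxt),))

    return (count, leaves) if visit(()) else None


def multiset(xs):
    """Represent a finite multiset as a descending-sorted tuple.  Over a total
    order the multiset ordering coincides with lexicographic comparison of these
    tuples (a proper prefix being smaller), so Python's tuple comparison
    implements it, also for multisets of multisets."""
    return tuple(sorted(xs, reverse=True))


def mu1(clause, atoms):
    """mu_1(C_N, theta_N): the multiset of enumeration indices of the atoms of
    the (ground) clause, one occurrence per literal."""
    return multiset(atoms.index(atom) + 1 for _, atom in clause)


def mu(tree, atoms):
    """mu(T_T, C_., theta_.) = (nu(T_T), mu_2(...)), compared lexicographically."""
    count, leaves = tree
    mu2 = multiset(mu1(c, atoms) for c in leaves.values())
    return (count, mu2)


def lit(s):
    """'p' -> (+1, 'p'); '-p' -> (-1, 'p')."""
    return (-1, s[1:]) if s.startswith("-") else (+1, s)


def clause(*lits):
    return frozenset(lit(s) for s in lits)


# Constructed unsatisfiable clause set over the enumeration A_1 = p, A_2 = q, A_3 = r.
ATOMS = ["p", "q", "r"]
T = [clause("p", "q"), clause("-p", "q"), clause("-q", "r"), clause("-q", "-r")]
# Ordered binary resolution of the last two clauses on r yields the resolvent -q:
# the step of Lemma 6, case (1), taken at the node N = +p +q whose two children
# N + r and N - r are leaves.
T_PRIME = T + [clause("-q")]


def demo():
    """Return (mu before the step, mu after the step); the second is smaller."""
    return mu(closed_tree(T, ATOMS), ATOMS), mu(closed_tree(T_PRIME, ATOMS), ATOMS)


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
    print("decreased:", after < before)
```

Running it, the closed tree for the four original clauses has 11 nodes and the one for the extended set has 7, so $\nu$ alone already decides the comparison here; the nested multiset $\mu_2$ only matters in cases like (2a), where the tree may keep its size and the decrease comes from a leaf clause with smaller atom indices. The encoding of multisets as descending-sorted tuples is what makes both comparisons a single tuple comparison.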
Lemma 7 If $\mathcal{T}$ has a failure witness $(T_{\mathcal{T}}, C_\bullet, \theta_\bullet)$ and $\mathcal{T} \Rightarrow_{Q\text{-}spl} \mathcal{T}'$ then $\mathcal{T}' \cup cl(\mathcal{R})$ has a failure witness $(T_{\mathcal{T}' \cup cl(\mathcal{R})}, C'_\bullet, \theta'_\bullet)$ with $\mu(T_{\mathcal{T}' \cup cl(\mathcal{R})}, C'_\bullet, \theta'_\bullet) < \mu(T_{\mathcal{T}}, C_\bullet, \theta_\bullet)$.

Proof: Let $C = C_1 \cup C_2 \in \mathcal{T}$, where $C_2$ is a non-empty P-clause, $C_1$ has at least one non-splitting literal, and $\mathcal{T} \Rightarrow_{Q\text{-}spl} \mathcal{T}' = (\mathcal{T} \setminus \{C\}) \cup \{C_1 \vee -q_{C_2},\ q_{C_2} \vee C_2\}$. If $C \ne C_N$ for every leaf node $N$ of $T_{\mathcal{T}}$ then there is nothing to show. Now suppose $C = C_N$ where $N$ is a leaf node of $T_{\mathcal{T}}$. If $C_N \in cl(\mathcal{R})$ then there is nothing to prove. Now suppose $C_N \notin cl(\mathcal{R})$. As $C$ is constrained to contain at least one non-splitting literal, the literal sequence $N$ has at least one non-splitting literal. By the chosen enumeration $A_1, A_2, \ldots$, either $q_{C_2}$ or $-q_{C_2}$ occurs in the literal sequence $N$.

• If $q_{C_2}$ occurs in $N$ then $C_1 \vee -q_{C_2}$ fails at $N$. Let $N'$ be the highest ancestor of $N$ where it fails. $N'$ is a leaf node of $T_{\mathcal{T}'}$. We define $C'_{N'} = C_1 \vee -q_{C_2}$ and $\theta'_{N'} = \theta_N$. All other leaf nodes $N''$ of $T_{\mathcal{T}'}$ are also leaf nodes of $T_{\mathcal{T}}$ and we define $C'_{N''} = C_{N''}$ and $\theta'_{N''} = \theta_{N''}$. $(T_{\mathcal{T}'}, C'_\bullet, \theta'_\bullet)$ is a failure witness for $\mathcal{T}'$. As $C_2$ has at least one non-splitting literal, we have $\mu_1(C'_{N'}, \theta'_{N'}) < \mu_1(C_N, \theta_N)$ (recall that $C_N \notin cl(\mathcal{R})$), so that $\mu(T_{\mathcal{T}'}, C'_\bullet, \theta'_\bullet) < \mu(T_{\mathcal{T}}, C_\bullet, \theta_\bullet)$. As $\mathcal{T}' \subseteq \mathcal{T}' \cup cl(\mathcal{R})$, the result follows.

• If $-q_{C_2}$ occurs in $N$ then $q_{C_2} \vee C_2$ fails at $N$. Since $C_1$ has at least one non-splitting literal, as in the previous case we obtain a failure witness $(T_{\mathcal{T}'}, C'_\bullet, \theta'_\bullet)$ such that $\mu(T_{\mathcal{T}'}, C'_\bullet, \theta'_\bullet) < \mu(T_{\mathcal{T}}, C_\bullet, \theta_\bullet)$. □

Lemma 8 If $\mathcal{T}$ has a failure witness $(T_{\mathcal{T}}, C_\bullet, \theta_\bullet)$ and $\mathcal{T} \Rightarrow_{spl} \mathcal{T}_1 \mid \mathcal{T}_2$ then $\mathcal{T}_1 \cup cl(\mathcal{R})$ and $\mathcal{T}_2 \cup cl(\mathcal{R})$ have failure witnesses $(T_{\mathcal{T}_1 \cup cl(\mathcal{R})}, C'_\bullet, \theta'_\bullet)$ and $(T_{\mathcal{T}_2 \cup cl(\mathcal{R})}, C''_\bullet, \theta''_\bullet)$ such that $\mu(T_{\mathcal{T}_1 \cup cl(\mathcal{R})}, C'_\bullet, \theta'_\bullet) < \mu(T_{\mathcal{T}}, C_\bullet, \theta_\bullet)$ and $\mu(T_{\mathcal{T}_2 \cup cl(\mathcal{R})}, C''_\bullet, \theta''_\bullet) < \mu(T_{\mathcal{T}}, C_\bullet, \theta_\bullet)$.

Proof: Let $C = C_1 \cup C_2 \in \mathcal{T}$ such that $C_1$ and $C_2$ share no variables, and we have $\mathcal{T} \Rightarrow_{spl} \mathcal{T}_1 \mid \mathcal{T}_2$ where $\mathcal{T}_i = \mathcal{T} \cup \{C_i\}$. We prove the required result for $\mathcal{T}_1$; the other part is symmetric. If $C \ne C_N$ for every leaf node $N$ of $T_{\mathcal{T}}$ then there is nothing to show. Now suppose $C = C_N$ for some leaf node $N$ of $T_{\mathcal{T}}$. If $C_N \in cl(\mathcal{R})$ then there is nothing to show. Now suppose $C_N \notin cl(\mathcal{R})$. Since $C_1 \subseteq C$, $C_1$ also fails at $N$. Let $N'$ be the highest ancestor of $N$ where $C_1$ fails. $N'$ is a leaf node of $T_{\mathcal{T}_1}$. We define $C'_{N'} = C_1$ and $\theta'_{N'} = \theta_N$. All other leaf nodes $N''$ of $T_{\mathcal{T}_1}$ are also leaf nodes of $T_{\mathcal{T}}$, and we define $C'_{N''} = C_{N''}$ and $\theta'_{N''} = \theta_{N''}$. $(T_{\mathcal{T}_1}, C'_\bullet, \theta'_\bullet)$ is a failure witness for $\mathcal{T}_1$. Also $\mu_1(C'_{N'}, \theta'_{N'}) < \mu_1(C_N, \theta_N)$ (recall that $C_N \notin cl(\mathcal{R})$). Hence $\mu(T_{\mathcal{T}_1}, C'_\bullet, \theta'_\bullet) < \mu(T_{\mathcal{T}}, C_\bullet, \theta_\bullet)$. As $\mathcal{T}_1 \subseteq \mathcal{T}_1 \cup cl(\mathcal{R})$, the result follows.

The following arguments are the ones that take care of replacement steps.

Lemma 9 If $\mathcal{T}$ has a failure witness $(T_{\mathcal{T}}, C_\bullet, \theta_\bullet)$ and $\mathcal{T} \Rightarrow_{\mathcal{R}} \mathcal{T}'$ then $\mathcal{T}' \cup cl(\mathcal{R})$ has a failure witness $(T_{\mathcal{T}' \cup cl(\mathcal{R})}, C'_\bullet, \theta'_\bullet)$ with $\mu(T_{\mathcal{T}' \cup cl(\mathcal{R})}, C'_\bullet, \theta'_\bullet) < \mu(T_{\mathcal{T}}, C_\bullet, \theta_\bullet)$.

Proof: Let $C_1 = C'_1 \vee \pm A\sigma \in \mathcal{T}$, $R = A \to B \in \mathcal{R}$, and $\mathcal{T} \Rightarrow_{\mathcal{R}} \mathcal{T}' = (\mathcal{T} \setminus \{C_1\}) \cup \{C\}$ where $C = C'_1 \vee \pm B\sigma$. If $C_1 \ne C_N$ for every leaf node $N$ of $T_{\mathcal{T}}$ then there is nothing to prove. Now suppose that $C_1 = C_N$ for some leaf node $N$ of $T_{\mathcal{T}}$. Let $N = \pm_1 A_1 \ldots \pm_k A_k$. If $C_1 \in cl(\mathcal{R})$ then $\mathcal{T} \subseteq \mathcal{T}' \cup cl(\mathcal{R})$, and there is nothing to prove. Now suppose $C_1 \notin cl(\mathcal{R})$. We have a ground substitution $\theta$ such that $C_1\theta = C'_1\theta \vee \pm A\sigma\theta \subseteq \{\mp_1 A_1, \ldots, \mp_k A_k\}$. As $R$ is ordered we have $A > B$. Hence $A\sigma\theta > B\sigma\theta$. Hence either $\pm B\sigma\theta \in \{\mp_1 A_1, \ldots, \mp_k A_k\}$ or $\mp B\sigma\theta \in \{\mp_1 A_1, \ldots, \mp_k A_k\}$.

• Suppose $\pm B\sigma\theta \in \{\mp_1 A_1, \ldots, \mp_k A_k\}$. Since $C_1\theta = C'_1\theta \vee \pm A\sigma\theta \subseteq \{\mp_1 A_1, \ldots, \mp_k A_k\}$, we have $C\theta = C'_1\theta \vee \pm B\sigma\theta \subseteq \{\mp_1 A_1, \ldots, \mp_k A_k\}$. Hence $C$ fails at $N$. Let $N'$ be the highest ancestor of $N$ where $C$ fails. $N'$ is a leaf node of $T_{\mathcal{T}'}$. We define $C'_{N'} = C$ and $\theta'_{N'} = \theta$. All other leaf nodes $N''$ of $T_{\mathcal{T}'}$ are also leaf nodes of $T_{\mathcal{T}}$, and we define $C'_{N''} = C_{N''}$ and $\theta'_{N''} = \theta_{N''}$. $(T_{\mathcal{T}'}, C'_\bullet, \theta'_\bullet)$ is a failure witness for $\mathcal{T}'$. Also $\mu_1(C'_{N'}, \theta'_{N'}) < \mu_1(C_N, \theta_N)$ (recall that $C_N \notin cl(\mathcal{R})$). Hence $\mu(T_{\mathcal{T}'}, C'_\bullet, \theta'_\bullet) < \mu(T_{\mathcal{T}}, C_\bullet, \theta_\bullet)$. As $\mathcal{T}' \subseteq \mathcal{T}' \cup cl(\mathcal{R})$, the result follows.

• Suppose $\mp B\sigma\theta \in \{\mp_1 A_1, \ldots, \mp_k A_k\}$. Since $\pm A\sigma\theta \in \{\mp_1 A_1, \ldots, \mp_k A_k\}$, the clause $\mp A \vee \pm B \in cl(\mathcal{R})$ fails at $N$. Let $N'$ be the highest ancestor of $N$ where $\mp A \vee \pm B$ fails. $N'$ is a leaf node of $T_{\mathcal{T}' \cup \{\mp A \vee \pm B\}}$. We define $C'_{N'} = \mp A \vee \pm B$ and $\theta'_{N'} = \sigma\theta$. All other leaf nodes $N''$ of $T_{\mathcal{T}' \cup \{\mp A \vee \pm B\}}$ are also leaf nodes of $T_{\mathcal{T}}$, and we define $C'_{N''} = C_{N''}$ and $\theta'_{N''} = \theta_{N''}$. $(T_{\mathcal{T}' \cup \{\mp A \vee \pm B\}}, C'_\bullet, \theta'_\bullet)$ is a failure witness for $\mathcal{T}' \cup \{\mp A \vee \pm B\}$. Also $\mu_1(C'_{N'}, \theta'_{N'}) < \mu_1(C_N, \theta_N)$ since $\mu_1(C'_{N'}, \theta'_{N'})$ is the empty multiset. Hence $\mu(T_{\mathcal{T}' \cup \{\mp A \vee \pm B\}}, C'_\bullet, \theta'_\bullet) < \mu(T_{\mathcal{T}}, C_\bullet, \theta_\bullet)$. As $\mathcal{T}' \cup \{\mp A \vee \pm B\} \subseteq \mathcal{T}' \cup cl(\mathcal{R})$, the result follows. □

For a tableau $\mathcal{T} = \mathcal{S}_1 \mid \ldots \mid \mathcal{S}_n$, define $\mathcal{T} \cup \mathcal{S} = \mathcal{S}_1 \cup \mathcal{S} \mid \ldots \mid \mathcal{S}_n \cup \mathcal{S}$. We define a failure witness for such a $\mathcal{T}$ to be a multiset $\{(T_{\mathcal{S}_1}, C^1_\bullet, \theta^1_\bullet), \ldots, (T_{\mathcal{S}_n}, C^n_\bullet, \theta^n_\bullet)\}$ where each $(T_{\mathcal{S}_i}, C^i_\bullet, \theta^i_\bullet)$ is a failure witness of $\mathcal{S}_i$. We define

$\mu(\{(T_{\mathcal{S}_1}, C^1_\bullet, \theta^1_\bullet), \ldots, (T_{\mathcal{S}_n}, C^n_\bullet, \theta^n_\bullet)\}) = \{\mu(T_{\mathcal{S}_1}, C^1_\bullet, \theta^1_\bullet), \ldots, \mu(T_{\mathcal{S}_n}, C^n_\bullet, \theta^n_\bullet)\}$.

Then it is clear that $\mathcal{S} \cup cl(\mathcal{R})$ has a failure witness, and whenever any $\mathcal{T}$ has a failure witness in which one of the trees has at least two nodes, then $\mathcal{T} \Rightarrow_{<_S,\varphi,\mathcal{R}} \mathcal{T}'$ for some $\mathcal{T}'$ such that $\mathcal{T}' \cup cl(\mathcal{R})$ has a strictly smaller failure witness. Hence we have some $\mathcal{T}$ such that $\mathcal{S} \Rightarrow^{*}_{<_S,\varphi,\mathcal{R}} \mathcal{T}$ and $\mathcal{T} \cup cl(\mathcal{R})$ has a failure witness in which each tree is a root node. Then $\mathcal{T} \cup cl(\mathcal{R})$ is closed. Hence $\mathcal{T}$ is closed. □